Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-25990 (GCVE-0-2026-25990)
Vulnerability from cvelistv5 – Published: 2026-02-11 20:53 – Updated: 2026-02-12 04:45
VLAI?
EPSS
Title
Pillow has an out-of-bounds write when loading PSD images
Summary
Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.
Severity ?
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| python-pillow | Pillow |
Affected:
>= 10.3.0, < 12.1.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25990",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-11T21:21:01.646207Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T21:30:18.982Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-02-12T04:45:38.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/02/12/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pillow",
"vendor": "python-pillow",
"versions": [
{
"status": "affected",
"version": "\u003e= 10.3.0, \u003c 12.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787: Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-11T20:53:52.524Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc"
},
{
"name": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa"
}
],
"source": {
"advisory": "GHSA-cfh3-3jmp-rvhc",
"discovery": "UNKNOWN"
},
"title": "Pillow has an out-of-bounds write when loading PSD images"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25990",
"datePublished": "2026-02-11T20:53:52.524Z",
"dateReserved": "2026-02-09T17:41:55.858Z",
"dateUpdated": "2026-02-12T04:45:38.394Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-25990\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-02-11T21:16:20.670\",\"lastModified\":\"2026-02-13T21:32:55.623\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.9,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"PROOF_OF_CONCEPT\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.3.0\",\"versionEndExcluding\":\"12.1.1\",\"matchCriteriaId\":\"1EECB9F0-00C4-414F-9066-02BAF05067C4\"}]}]}],\"references\":[{\"url\":\"https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2026/02/12/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2026/02/12/1\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2026-02-12T04:45:38.394Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-25990\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-11T21:21:01.646207Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-11T21:30:16.211Z\"}}], \"cna\": {\"title\": \"Pillow has an out-of-bounds write when loading PSD images\", \"source\": {\"advisory\": \"GHSA-cfh3-3jmp-rvhc\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 8.9, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"python-pillow\", \"product\": \"Pillow\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 10.3.0, \u003c 12.1.1\"}]}], \"references\": [{\"url\": \"https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc\", \"name\": \"https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa\", \"name\": \"https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787: Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-02-11T20:53:52.524Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-25990\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-12T04:45:38.394Z\", \"dateReserved\": \"2026-02-09T17:41:55.858Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-02-11T20:53:52.524Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
OPENSUSE-SU-2026:10198-1
Vulnerability from csaf_opensuse - Published: 2026-02-13 00:00 - Updated: 2026-02-13 00:00Summary
python311-Pillow-12.1.1-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: python311-Pillow-12.1.1-1.1 on GA media
Description of the patch: These are all security issues fixed in the python311-Pillow-12.1.1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10198
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "python311-Pillow-12.1.1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the python311-Pillow-12.1.1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10198",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10198-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-25990 page",
"url": "https://www.suse.com/security/cve/CVE-2026-25990/"
}
],
"title": "python311-Pillow-12.1.1-1.1 on GA media",
"tracking": {
"current_release_date": "2026-02-13T00:00:00Z",
"generator": {
"date": "2026-02-13T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10198-1",
"initial_release_date": "2026-02-13T00:00:00Z",
"revision_history": [
{
"date": "2026-02-13T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python311-Pillow-12.1.1-1.1.aarch64",
"product": {
"name": "python311-Pillow-12.1.1-1.1.aarch64",
"product_id": "python311-Pillow-12.1.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python311-Pillow-tk-12.1.1-1.1.aarch64",
"product": {
"name": "python311-Pillow-tk-12.1.1-1.1.aarch64",
"product_id": "python311-Pillow-tk-12.1.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python312-Pillow-12.1.1-1.1.aarch64",
"product": {
"name": "python312-Pillow-12.1.1-1.1.aarch64",
"product_id": "python312-Pillow-12.1.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python312-Pillow-tk-12.1.1-1.1.aarch64",
"product": {
"name": "python312-Pillow-tk-12.1.1-1.1.aarch64",
"product_id": "python312-Pillow-tk-12.1.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-Pillow-12.1.1-1.1.aarch64",
"product": {
"name": "python313-Pillow-12.1.1-1.1.aarch64",
"product_id": "python313-Pillow-12.1.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "python313-Pillow-tk-12.1.1-1.1.aarch64",
"product": {
"name": "python313-Pillow-tk-12.1.1-1.1.aarch64",
"product_id": "python313-Pillow-tk-12.1.1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-Pillow-12.1.1-1.1.ppc64le",
"product": {
"name": "python311-Pillow-12.1.1-1.1.ppc64le",
"product_id": "python311-Pillow-12.1.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python311-Pillow-tk-12.1.1-1.1.ppc64le",
"product": {
"name": "python311-Pillow-tk-12.1.1-1.1.ppc64le",
"product_id": "python311-Pillow-tk-12.1.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-Pillow-12.1.1-1.1.ppc64le",
"product": {
"name": "python312-Pillow-12.1.1-1.1.ppc64le",
"product_id": "python312-Pillow-12.1.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python312-Pillow-tk-12.1.1-1.1.ppc64le",
"product": {
"name": "python312-Pillow-tk-12.1.1-1.1.ppc64le",
"product_id": "python312-Pillow-tk-12.1.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-Pillow-12.1.1-1.1.ppc64le",
"product": {
"name": "python313-Pillow-12.1.1-1.1.ppc64le",
"product_id": "python313-Pillow-12.1.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "python313-Pillow-tk-12.1.1-1.1.ppc64le",
"product": {
"name": "python313-Pillow-tk-12.1.1-1.1.ppc64le",
"product_id": "python313-Pillow-tk-12.1.1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-Pillow-12.1.1-1.1.s390x",
"product": {
"name": "python311-Pillow-12.1.1-1.1.s390x",
"product_id": "python311-Pillow-12.1.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python311-Pillow-tk-12.1.1-1.1.s390x",
"product": {
"name": "python311-Pillow-tk-12.1.1-1.1.s390x",
"product_id": "python311-Pillow-tk-12.1.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python312-Pillow-12.1.1-1.1.s390x",
"product": {
"name": "python312-Pillow-12.1.1-1.1.s390x",
"product_id": "python312-Pillow-12.1.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python312-Pillow-tk-12.1.1-1.1.s390x",
"product": {
"name": "python312-Pillow-tk-12.1.1-1.1.s390x",
"product_id": "python312-Pillow-tk-12.1.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-Pillow-12.1.1-1.1.s390x",
"product": {
"name": "python313-Pillow-12.1.1-1.1.s390x",
"product_id": "python313-Pillow-12.1.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "python313-Pillow-tk-12.1.1-1.1.s390x",
"product": {
"name": "python313-Pillow-tk-12.1.1-1.1.s390x",
"product_id": "python313-Pillow-tk-12.1.1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python311-Pillow-12.1.1-1.1.x86_64",
"product": {
"name": "python311-Pillow-12.1.1-1.1.x86_64",
"product_id": "python311-Pillow-12.1.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python311-Pillow-tk-12.1.1-1.1.x86_64",
"product": {
"name": "python311-Pillow-tk-12.1.1-1.1.x86_64",
"product_id": "python311-Pillow-tk-12.1.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-Pillow-12.1.1-1.1.x86_64",
"product": {
"name": "python312-Pillow-12.1.1-1.1.x86_64",
"product_id": "python312-Pillow-12.1.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python312-Pillow-tk-12.1.1-1.1.x86_64",
"product": {
"name": "python312-Pillow-tk-12.1.1-1.1.x86_64",
"product_id": "python312-Pillow-tk-12.1.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-Pillow-12.1.1-1.1.x86_64",
"product": {
"name": "python313-Pillow-12.1.1-1.1.x86_64",
"product_id": "python313-Pillow-12.1.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "python313-Pillow-tk-12.1.1-1.1.x86_64",
"product": {
"name": "python313-Pillow-tk-12.1.1-1.1.x86_64",
"product_id": "python313-Pillow-tk-12.1.1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Pillow-12.1.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-Pillow-12.1.1-1.1.aarch64"
},
"product_reference": "python311-Pillow-12.1.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Pillow-12.1.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-Pillow-12.1.1-1.1.ppc64le"
},
"product_reference": "python311-Pillow-12.1.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Pillow-12.1.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-Pillow-12.1.1-1.1.s390x"
},
"product_reference": "python311-Pillow-12.1.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Pillow-12.1.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-Pillow-12.1.1-1.1.x86_64"
},
"product_reference": "python311-Pillow-12.1.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Pillow-tk-12.1.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-Pillow-tk-12.1.1-1.1.aarch64"
},
"product_reference": "python311-Pillow-tk-12.1.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Pillow-tk-12.1.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-Pillow-tk-12.1.1-1.1.ppc64le"
},
"product_reference": "python311-Pillow-tk-12.1.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Pillow-tk-12.1.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-Pillow-tk-12.1.1-1.1.s390x"
},
"product_reference": "python311-Pillow-tk-12.1.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python311-Pillow-tk-12.1.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python311-Pillow-tk-12.1.1-1.1.x86_64"
},
"product_reference": "python311-Pillow-tk-12.1.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-Pillow-12.1.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-Pillow-12.1.1-1.1.aarch64"
},
"product_reference": "python312-Pillow-12.1.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-Pillow-12.1.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-Pillow-12.1.1-1.1.ppc64le"
},
"product_reference": "python312-Pillow-12.1.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-Pillow-12.1.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-Pillow-12.1.1-1.1.s390x"
},
"product_reference": "python312-Pillow-12.1.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-Pillow-12.1.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-Pillow-12.1.1-1.1.x86_64"
},
"product_reference": "python312-Pillow-12.1.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-Pillow-tk-12.1.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-Pillow-tk-12.1.1-1.1.aarch64"
},
"product_reference": "python312-Pillow-tk-12.1.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-Pillow-tk-12.1.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-Pillow-tk-12.1.1-1.1.ppc64le"
},
"product_reference": "python312-Pillow-tk-12.1.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-Pillow-tk-12.1.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-Pillow-tk-12.1.1-1.1.s390x"
},
"product_reference": "python312-Pillow-tk-12.1.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python312-Pillow-tk-12.1.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python312-Pillow-tk-12.1.1-1.1.x86_64"
},
"product_reference": "python312-Pillow-tk-12.1.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-Pillow-12.1.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-Pillow-12.1.1-1.1.aarch64"
},
"product_reference": "python313-Pillow-12.1.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-Pillow-12.1.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-Pillow-12.1.1-1.1.ppc64le"
},
"product_reference": "python313-Pillow-12.1.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-Pillow-12.1.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-Pillow-12.1.1-1.1.s390x"
},
"product_reference": "python313-Pillow-12.1.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-Pillow-12.1.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-Pillow-12.1.1-1.1.x86_64"
},
"product_reference": "python313-Pillow-12.1.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-Pillow-tk-12.1.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-Pillow-tk-12.1.1-1.1.aarch64"
},
"product_reference": "python313-Pillow-tk-12.1.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-Pillow-tk-12.1.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-Pillow-tk-12.1.1-1.1.ppc64le"
},
"product_reference": "python313-Pillow-tk-12.1.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-Pillow-tk-12.1.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-Pillow-tk-12.1.1-1.1.s390x"
},
"product_reference": "python313-Pillow-tk-12.1.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python313-Pillow-tk-12.1.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:python313-Pillow-tk-12.1.1-1.1.x86_64"
},
"product_reference": "python313-Pillow-tk-12.1.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-25990",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-25990"
}
],
"notes": [
{
"category": "general",
"text": "Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:python311-Pillow-12.1.1-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-12.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-12.1.1-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-12.1.1-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-12.1.1-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-12.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-12.1.1-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-12.1.1-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-12.1.1-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-12.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-12.1.1-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-12.1.1-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-12.1.1-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-12.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-12.1.1-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-12.1.1-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-12.1.1-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.1.1-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.1.1-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.1.1-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.1.1-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.1.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-25990",
"url": "https://www.suse.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "SUSE Bug 1258125 for CVE-2026-25990",
"url": "https://bugzilla.suse.com/1258125"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:python311-Pillow-12.1.1-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-12.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-12.1.1-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-12.1.1-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-12.1.1-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-12.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-12.1.1-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-12.1.1-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-12.1.1-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-12.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-12.1.1-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-12.1.1-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-12.1.1-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-12.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-12.1.1-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-12.1.1-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-12.1.1-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.1.1-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.1.1-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.1.1-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.1.1-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.1.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:python311-Pillow-12.1.1-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-12.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-12.1.1-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-12.1.1-1.1.x86_64",
"openSUSE Tumbleweed:python311-Pillow-tk-12.1.1-1.1.aarch64",
"openSUSE Tumbleweed:python311-Pillow-tk-12.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:python311-Pillow-tk-12.1.1-1.1.s390x",
"openSUSE Tumbleweed:python311-Pillow-tk-12.1.1-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-12.1.1-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-12.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-12.1.1-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-12.1.1-1.1.x86_64",
"openSUSE Tumbleweed:python312-Pillow-tk-12.1.1-1.1.aarch64",
"openSUSE Tumbleweed:python312-Pillow-tk-12.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:python312-Pillow-tk-12.1.1-1.1.s390x",
"openSUSE Tumbleweed:python312-Pillow-tk-12.1.1-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-12.1.1-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-12.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-12.1.1-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-12.1.1-1.1.x86_64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.1.1-1.1.aarch64",
"openSUSE Tumbleweed:python313-Pillow-tk-12.1.1-1.1.ppc64le",
"openSUSE Tumbleweed:python313-Pillow-tk-12.1.1-1.1.s390x",
"openSUSE Tumbleweed:python313-Pillow-tk-12.1.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-02-13T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-25990"
}
]
}
RHSA-2026:3461
Vulnerability from csaf_redhat - Published: 2026-02-27 14:54 - Updated: 2026-03-31 22:56Summary
Red Hat Security Advisory: Red Hat AI Inference Server 3.2.2 (CUDA)
Severity
Critical
Notes
Topic: Red Hat AI Inference Server 3.2.2 (CUDA) is now available.
Details: Red Hat® AI Inference Server
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in ray. The job submission API allows a remote attacker to execute arbitrary code due to insufficient input validation. An unauthenticated attacker can trigger this vulnerability by sending a malicious job submission request. Successful exploitation results in arbitrary code execution on the affected Ray cluster.
CWE-918 - Server-Side Request Forgery (SSRF)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3461
An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.
7.5 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3461
A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.
7.5 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3461
A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.
CWE-1188 - Initialization of a Resource with an Insecure Default
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3461
A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.
8.1 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3461
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A Server-Side Request Forgery (SSRF) vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The load_from_url and load_from_url_async methods fetch and process media from user-provided URLs without adequate restrictions on the target hosts. This allows an attacker to coerce the vLLM server into making arbitrary requests to internal network resources.
7.1 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3461
Workaround
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.
7.7 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3461
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in libtiff. The `get_histogram` function in `file/tiffmedian.c` exhibits a use-after-free condition when processing a specially crafted file, allowing a local attacker to trigger memory corruption. This manipulation results in a use-after-free vulnerability, and can lead to a denial of service.
7.8 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3461
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).
5.6 (Medium)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3461
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.
6.2 (Medium)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3461
Workaround
The impact of this flaw may be reduced by setting strict resource limits to the stack size of processes at the operational system level. This can be achieved either through the 'ulimit' shell built-in or the 'limits.conf' file.
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.
8.8 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3461
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.
9.8 (Critical)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3461
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, ".")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.
7.5 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3461
Workaround
To mitigate this vulnerability, it is recommended to pre-validate any payloads passed to `go-jose` to check that they do not contain an excessive amount of `.` characters.
A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange.
7.5 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3461
Workaround
This flaw can be mitigated when using the client only connecting to trusted servers.
A path handling flaw has been discovered in the os/exec go package. If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned.
6.5 (Medium)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3461
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console bind-mounts. When creating the /dev/console bind-mount (to /dev/pts/$n), if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount the symlink target over /dev/console.
8.2 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3461
Workaround
Potential mitigations for this issue include:
* Using user namespaces, with the host root user not mapped into the container's namespace. procfs file permissions are managed using Unix DAC and thus user namespaces stop a container process from being able to write to them.
* Not running as a root user in the container (this includes disabling setuid binaries with noNewPrivileges). As above, procfs file permissions are managed using Unix DAC and thus non-root users cannot write to them.
* The default SELinux policy should mitigate this issue, as the /dev/console bind-mount does not re-label the mount and so the container process should not be able to write to unsafe procfs files. However, CVE-2025-52881 allows an attacker to bypass LSM labels, and so this mitigation is not helpful when considered in combination with CVE-2025-52881.
* The default AppArmor profile used by most runtimes will NOT help mitigate this issue, as /dev/console access is permitted. You could create a custom profile that blocks access to /dev/console, but such a profile might break regular containers. In addition, CVE-2025-52881 allows an attacker to bypass LSM labels, and so that mitigation is not helpful when considered in combination with CVE-2025-52881.
A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.
4.1 (Medium)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3461
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.
4.1 (Medium)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3461
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.
5.3 (Medium)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3461
Workaround
To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.
A flaw was found in vLLM’s API token authentication logic, where token comparisons were not performed in constant time. This weakness could allow an attacker to exploit timing differences to guess valid tokens and bypass authentication.
7.5 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3461
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in the server implementation of vLLM, where the handling of Jinja templates does not properly validate user-supplied input through the chat_template and chat_template_kwargs parameters. When a specially crafted template is processed, it can trigger excessive looping or recursion inside the Jinja engine, consuming large amounts of CPU and memory. This can cause the server to become unresponsive or crash, resulting in a denial-of-service (DoS) condition for applications using vLLM.
6.5 (Medium)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3461
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A vulnerability in vLLM allows attackers to supply malicious serialized prompt-embedding tensors that are deserialized using torch.load() without validation. Due to PyTorch 2.8.0 disabling sparse-tensor integrity checks by default, a crafted tensor can bypass bounds checks and cause an out-of-bounds write during to_dense(), leading to a crash (DoS) and potentially remote code execution on the vLLM server.
8.8 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3461
Workaround
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
A denial-of-service vulnerability in vLLM allows an attacker with API access to crash the engine by submitting multimodal embedding tensors that have the correct number of dimensions but an invalid internal shape. Because vLLM validates only the tensor’s ndim and not the full expected shape, malformed embeddings trigger shape mismatches or validation failures during processing, causing the inference engine to terminate.
6.5 (Medium)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3461
Workaround
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
A vulnerability in vLLM allows an authenticated user to trigger unintended tokenization during chat template processing by supplying crafted chat_template_kwargs to the /v1/chat/completions or /tokenize endpoints. By forcing the server to tokenize very large inputs, an attacker can block the API server’s event loop for extended periods, causing a denial of service and delaying all other requests.
6.5 (Medium)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3461
Workaround
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
A flaw was found in Ray’s HTTP API endpoint handling (e.g. /api/jobs, /api/job_agent/jobs/), which allows a remote attacker to trigger arbitrary code execution when a developer using Ray visits a malicious website in a vulnerable browser (e.g. Firefox or Safari). The root cause is an insufficient defense relying solely on the User-Agent header starting with “Mozilla”, which can be manipulated under the fetch specification — enabling a DNS-rebinding attack to bypass browser-based protections.
8.8 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3461
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A denial of service vulnerability has been discovered in the python Starlette framework. an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This induces CPU exhaustion per request, causing a denial‑of‑service for endpoints serving files.
7.5 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3461
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.
7.5 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3461
A remote code execution vulnerability has been identified in vLLM. An attacker can exploit a weakness in the model loading process to silently fetch and run unauthorized, malicious Python code on the host system. This happens because the engine mistakenly executes code from a remote repository referenced in a model's configuration, even when explicit security measures are set to prevent it.
7.5 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3461
Workaround
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data; CWE-409) on the client side, even if the application only requested a small chunk of data.
7.5 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3461
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.
7.5 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3461
A decompression based denial of service flaw has been discovered in the AIOHTTP python library. Library versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory.
7.5 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3461
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in protobuf. A remote attacker can exploit this denial-of-service (DoS) vulnerability by supplying deeply nested `google.protobuf.Any` messages to the `google.protobuf.json_format.ParseDict()` function. This bypasses the intended recursion depth limit, leading to the exhaustion of Python’s recursion stack and causing a `RecursionError`, which results in a denial of service.
7.5 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3461
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.
7.5 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3461
A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). A remote attacker can exploit this vulnerability by sending a specially crafted 1x1 pixel image to a vLLM engine serving multimodal models that use the Idefics3 vision model implementation. This leads to a tensor dimension mismatch, causing an unhandled runtime error and resulting in complete server termination, effectively a Denial of Service (DoS).
6.5 (Medium)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3461
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). A remote attacker can exploit this vulnerability by sending a specially crafted video URL to vLLM's multimodal endpoint. This action causes vLLM to leak a heap memory address, significantly reducing the effectiveness of Address Space Layout Randomization (ASLR). This information disclosure can then be chained with a heap overflow vulnerability to achieve remote code execution.
9.8 (Critical)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3461
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). This vulnerability allows a remote attacker to achieve arbitrary code execution on the vLLM host during model loading. This occurs because vLLM loads Hugging Face `auto_map` dynamic modules without properly validating the `trust_remote_code` setting. By influencing the model repository or path, an attacker can execute malicious Python code at server startup, even before any API requests are handled.
8.8 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3461
Workaround
To mitigate this issue, ensure that vLLM instances are configured to load models only from trusted and verified repositories. Restrict access to the model repository path to prevent unauthorized modification or introduction of malicious code. Implement strict access controls and integrity checks for all model sources.
A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts.
7.1 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3461
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in Python-Multipart, a tool for parsing multipart form data in Python applications. This vulnerability, known as path traversal, allows a remote attacker to write uploaded files to any location on the server's file system. This exploitation occurs when specific non-default configuration options, `UPLOAD_DIR` and `UPLOAD_KEEP_FILENAME=True`, are enabled, and a malicious filename is provided during a file upload. The primary consequence is unauthorized file creation or modification, which could lead to system compromise.
8.6 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3461
Workaround
To mitigate this vulnerability, avoid enabling the `UPLOAD_KEEP_FILENAME=True` configuration option in applications using `python-multipart`. This option, when used with `UPLOAD_DIR`, allows an attacker to write files to arbitrary locations. Disabling or not configuring `UPLOAD_KEEP_FILENAME=True` prevents the path traversal vulnerability.
A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). A Server-Side Request Forgery (SSRF) vulnerability exists in the MediaConnector class, specifically within the load_from_url and load_from_url_async methods. An attacker can exploit differing interpretations of backslashes by Python parsing libraries used for host restrictions to bypass these restrictions. This allows the attacker to force the vLLM server to make arbitrary requests to internal network resources, potentially leading to information disclosure, denial of service, or unauthorized access within containerized environments.
7.1 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3461
Workaround
To mitigate this issue, restrict network access to the vLLM service to only trusted clients. Implement strict network segmentation for vLLM pods in containerized environments to limit potential lateral movement. Ensure that vLLM instances are not exposed to untrusted external networks without proper access controls and input validation at the perimeter.
A flaw was found the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.
7.3 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3461
https://access.redhat.com/errata/RHSA-2026:3461
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
References
Acknowledgments
Ronald Crane
AnchorSec Ltd.
Gareth C
jub0bs
keymoon
Ga_ryo
Isotr0py
DarkLight1337
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AI Inference Server 3.2.2 (CUDA) is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat\u00ae AI Inference Server",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3461",
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22869",
"url": "https://access.redhat.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47906",
"url": "https://access.redhat.com/security/cve/CVE-2025-47906"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-52565",
"url": "https://access.redhat.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-5318",
"url": "https://access.redhat.com/security/cve/CVE-2025-5318"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-53905",
"url": "https://access.redhat.com/security/cve/CVE-2025-53905"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-53906",
"url": "https://access.redhat.com/security/cve/CVE-2025-53906"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59375",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59425",
"url": "https://access.redhat.com/security/cve/CVE-2025-59425"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61620",
"url": "https://access.redhat.com/security/cve/CVE-2025-61620"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62164",
"url": "https://access.redhat.com/security/cve/CVE-2025-62164"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62372",
"url": "https://access.redhat.com/security/cve/CVE-2025-62372"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6242",
"url": "https://access.redhat.com/security/cve/CVE-2025-6242"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62426",
"url": "https://access.redhat.com/security/cve/CVE-2025-62426"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62593",
"url": "https://access.redhat.com/security/cve/CVE-2025-62593"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62727",
"url": "https://access.redhat.com/security/cve/CVE-2025-62727"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66418",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66448",
"url": "https://access.redhat.com/security/cve/CVE-2025-66448"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66471",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-69223",
"url": "https://access.redhat.com/security/cve/CVE-2025-69223"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6965",
"url": "https://access.redhat.com/security/cve/CVE-2025-6965"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-8176",
"url": "https://access.redhat.com/security/cve/CVE-2025-8176"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9230",
"url": "https://access.redhat.com/security/cve/CVE-2025-9230"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9714",
"url": "https://access.redhat.com/security/cve/CVE-2025-9714"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9900",
"url": "https://access.redhat.com/security/cve/CVE-2025-9900"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-0994",
"url": "https://access.redhat.com/security/cve/CVE-2026-0994"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-21441",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-22773",
"url": "https://access.redhat.com/security/cve/CVE-2026-22773"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-22778",
"url": "https://access.redhat.com/security/cve/CVE-2026-22778"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-22807",
"url": "https://access.redhat.com/security/cve/CVE-2026-22807"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24049",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24486",
"url": "https://access.redhat.com/security/cve/CVE-2026-24486"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24779",
"url": "https://access.redhat.com/security/cve/CVE-2026-24779"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25990",
"url": "https://access.redhat.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-48022",
"url": "https://access.redhat.com/security/cve/CVE-2023-48022"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-52355",
"url": "https://access.redhat.com/security/cve/CVE-2023-52355"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-52356",
"url": "https://access.redhat.com/security/cve/CVE-2023-52356"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-56433",
"url": "https://access.redhat.com/security/cve/CVE-2024-56433"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15467",
"url": "https://access.redhat.com/security/cve/CVE-2025-15467"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22868",
"url": "https://access.redhat.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "https://www.redhat.com/en/products/ai/inference-server",
"url": "https://www.redhat.com/en/products/ai/inference-server"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3461.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AI Inference Server 3.2.2 (CUDA)",
"tracking": {
"current_release_date": "2026-03-31T22:56:50+00:00",
"generator": {
"date": "2026-03-31T22:56:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.4"
}
},
"id": "RHSA-2026:3461",
"initial_release_date": "2026-02-27T14:54:46+00:00",
"revision_history": [
{
"date": "2026-02-27T14:54:46+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-27T14:54:52+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-31T22:56:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AI Inference Server 3.2",
"product": {
"name": "Red Hat AI Inference Server 3.2",
"product_id": "Red Hat AI Inference Server 3.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ai_inference_server:3.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat AI Inference Server"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"product": {
"name": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"product_id": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vllm-cuda-rhel9@sha256%3Adcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7?arch=amd64\u0026repository_url=registry.redhat.io/rhaiis\u0026tag=1772160593"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64",
"product": {
"name": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64",
"product_id": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/vllm-cuda-rhel9@sha256%3Afa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f?arch=arm64\u0026repository_url=registry.redhat.io/rhaiis\u0026tag=1772160593"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64 as a component of Red Hat AI Inference Server 3.2",
"product_id": "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64"
},
"product_reference": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"relates_to_product_reference": "Red Hat AI Inference Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64 as a component of Red Hat AI Inference Server 3.2",
"product_id": "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
},
"product_reference": "registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64",
"relates_to_product_reference": "Red Hat AI Inference Server 3.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-48022",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2025-08-07T17:35:20.588000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2387122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ray. The job submission API allows a remote attacker to execute arbitrary code due to insufficient input validation. An unauthenticated attacker can trigger this vulnerability by sending a malicious job submission request. Successful exploitation results in arbitrary code execution on the affected Ray cluster.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ray: Ray Job Submission Arbitrary Code Execution",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-48022"
},
{
"category": "external",
"summary": "RHBZ#2387122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-48022",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48022"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48022",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48022"
}
],
"release_date": "2025-08-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:54:46+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3461",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ray: Ray Job Submission Arbitrary Code Execution"
},
{
"cve": "CVE-2023-52355",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2023-11-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2251326"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libtiff: TIFFRasterScanlineSize64 produce too-big size and could cause OOM",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The identified out-of-memory vulnerability in libtiff, triggered by a crafted TIFF file passed to the TIFFRasterScanlineSize64() API, presents a moderate severity concern rather than a important one due to several factors. Primarily, the exploit requires the crafted input to be smaller than 379 KB, imposing a limitation on the potential impact and reducing the likelihood of successful exploitation in practical scenarios. Furthermore, the nature of the vulnerability is limited to denial-of-service attacks, which, although disruptive, do not inherently pose a direct risk of data compromise or system compromise. However, it\u0027s important to acknowledge that denial-of-service attacks can still have significant operational implications, particularly in environments reliant on continuous availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-52355"
},
{
"category": "external",
"summary": "RHBZ#2251326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251326"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-52355",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52355"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-52355",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52355"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/issues/621",
"url": "https://gitlab.com/libtiff/libtiff/-/issues/621"
}
],
"release_date": "2023-11-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:54:46+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3461",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libtiff: TIFFRasterScanlineSize64 produce too-big size and could cause OOM"
},
{
"cve": "CVE-2023-52356",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-11-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2251344"
}
],
"notes": [
{
"category": "description",
"text": "A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libtiff: Segment fault in libtiff in TIFFReadRGBATileExt() leading to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The flaw allows an attacker to potentially cause a denial of service attack by crashing a program, but the impact is minimal.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-52356"
},
{
"category": "external",
"summary": "RHBZ#2251344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251344"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-52356",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52356"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-52356",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52356"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/issues/622",
"url": "https://gitlab.com/libtiff/libtiff/-/issues/622"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/merge_requests/546",
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/546"
}
],
"release_date": "2023-11-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:54:46+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3461",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libtiff: Segment fault in libtiff in TIFFReadRGBATileExt() leading to denial of service"
},
{
"cve": "CVE-2024-56433",
"cwe": {
"id": "CWE-1188",
"name": "Initialization of a Resource with an Insecure Default"
},
"discovery_date": "2024-12-26T09:00:54.065197+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2334165"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-56433"
},
{
"category": "external",
"summary": "RHBZ#2334165",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334165"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-56433",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56433"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433"
},
{
"category": "external",
"summary": "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241",
"url": "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241"
},
{
"category": "external",
"summary": "https://github.com/shadow-maint/shadow/issues/1157",
"url": "https://github.com/shadow-maint/shadow/issues/1157"
},
{
"category": "external",
"summary": "https://github.com/shadow-maint/shadow/releases/tag/4.4",
"url": "https://github.com/shadow-maint/shadow/releases/tag/4.4"
}
],
"release_date": "2024-12-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:54:46+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3461",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise"
},
{
"acknowledgments": [
{
"names": [
"Ronald Crane"
]
}
],
"cve": "CVE-2025-5318",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-05-29T06:48:59.169000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369131"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libssh: out-of-bounds read in sftp_handle()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue requires an attacker with valid credentials to access a server, limiting the scope to legitimate users of the SFTP service. Due to this reason, this flaw has been rated with a Moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5318"
},
{
"category": "external",
"summary": "RHBZ#2369131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318"
},
{
"category": "external",
"summary": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt",
"url": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt"
}
],
"release_date": "2025-06-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:54:46+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3461",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libssh: out-of-bounds read in sftp_handle()"
},
{
"cve": "CVE-2025-6242",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2025-06-18T15:26:47.633000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373716"
}
],
"notes": [
{
"category": "description",
"text": "A Server-Side Request Forgery (SSRF) vulnerability exists in the MediaConnector class within the vLLM project\u0027s multimodal feature set. The load_from_url and load_from_url_async methods fetch and process media from user-provided URLs without adequate restrictions on the target hosts. This allows an attacker to coerce the vLLM server into making arbitrary requests to internal network resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: Server Side request forgery (SSRF) in MediaConnector",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has been rated as having the severity of Important by the Red Hat Product Security team as a successful exploitation by an attacker may lead to confidential data being leaked or a denial of service. Additionally the fact a unprivileged user can trigger this vulnerability through the network also contributes for the severity.\n\nThis vulnerability has its risk amplified on orchestrated environments as pods running the vLLM may eventually communicate with each other through internal cluster routing, including services that should not have been exposed to external networks. An attacker may leverage this flaw to interact with internal services, perform network reconnaissance or trigger a denial of service by leading other internal services to fail.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6242"
},
{
"category": "external",
"summary": "RHBZ#2373716",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373716"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6242"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6242",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6242"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-3f6c-7fw2-ppm4",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-3f6c-7fw2-ppm4"
}
],
"release_date": "2025-10-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:54:46+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3461",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: Server Side request forgery (SSRF) in MediaConnector"
},
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"discovery_date": "2025-07-15T14:02:19.241458+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2380149"
}
],
"notes": [
{
"category": "description",
"text": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sqlite: Integer Truncation in SQLite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in SQLite is categorized as Important rather than Critical because, although it involves memory corruption, the conditions required to trigger it are relatively constrained. The flaw arises when a query causes the number of aggregate terms to exceed internal limits, leading to potential buffer overflows or memory mismanagement. However, exploitation requires the ability to craft complex SQL queries and interact with the SQLite engine in a specific manner\u2014typically through direct SQL input. There is no known evidence of arbitrary code execution, privilege escalation, or remote exploitability as a direct result of this flaw. Additionally, most SQLite deployments are embedded in applications where input is tightly controlled or sanitized.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6965"
},
{
"category": "external",
"summary": "RHBZ#2380149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380149"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL"
},
{
"category": "external",
"summary": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8",
"url": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8"
}
],
"release_date": "2025-07-15T13:44:00.784000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:54:46+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3461",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "sqlite: Integer Truncation in SQLite"
},
{
"cve": "CVE-2025-8176",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2025-07-26T04:00:56.216434+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2383598"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libtiff. The `get_histogram` function in `file/tiffmedian.c` exhibits a use-after-free condition when processing a specially crafted file, allowing a local attacker to trigger memory corruption. This manipulation results in a use-after-free vulnerability, and can lead to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libtiff: LibTIFF Use-After-Free Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has been rated Important because it involves a use-after-free flaw in the get_histogram function of LibTIFF\u2019s tiffmedian tool. Successful exploitation may allow a local attacker to execute arbitrary code or cause a denial of service, leading to loss of confidentiality, integrity, and availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8176"
},
{
"category": "external",
"summary": "RHBZ#2383598",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383598"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8176"
},
{
"category": "external",
"summary": "http://www.libtiff.org/",
"url": "http://www.libtiff.org/"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172",
"url": "https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/issues/707",
"url": "https://gitlab.com/libtiff/libtiff/-/issues/707"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/merge_requests/727",
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/727"
},
{
"category": "external",
"summary": "https://vuldb.com/?ctiid.317590",
"url": "https://vuldb.com/?ctiid.317590"
},
{
"category": "external",
"summary": "https://vuldb.com/?id.317590",
"url": "https://vuldb.com/?id.317590"
},
{
"category": "external",
"summary": "https://vuldb.com/?submit.621796",
"url": "https://vuldb.com/?submit.621796"
}
],
"release_date": "2025-07-26T03:32:08.851000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:54:46+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3461",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libtiff: LibTIFF Use-After-Free Vulnerability"
},
{
"cve": "CVE-2025-9230",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-09-17T12:15:34.387000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396054"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability was rated as Moderate because, while the potential impact includes an application level denial of service and possible arbitrary code execution, successful exploitation is considered unlikely due to the high attack complexity and the fact that password-based CMS encryption (PWRI) is rarely used in real-world deployments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9230"
},
{
"category": "external",
"summary": "RHBZ#2396054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396054"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230"
}
],
"release_date": "2025-09-30T23:59:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:54:46+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3461",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap"
},
{
"cve": "CVE-2025-9714",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2025-09-02T13:03:56.452000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392605"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxstl/libxml2. The \u0027exsltDynMapFunction\u0027 function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling \u0027dyn:map()\u0027, leading to stack exhaustion and a local denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No evidence was found for arbitrary memory corruption through this flaw, limiting its impact to Availability only, and reducing its severity to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9714"
},
{
"category": "external",
"summary": "RHBZ#2392605",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392605"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148"
}
],
"release_date": "2025-09-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:54:46+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3461",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
},
{
"category": "workaround",
"details": "The impact of this flaw may be reduced by setting strict resource limits to the stack size of processes at the operational system level. This can be achieved either through the \u0027ulimit\u0027 shell built-in or the \u0027limits.conf\u0027 file.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c"
},
{
"acknowledgments": [
{
"names": [
"Gareth C"
],
"organization": "AnchorSec Ltd."
}
],
"cve": "CVE-2025-9900",
"cwe": {
"id": "CWE-123",
"name": "Write-what-where Condition"
},
"discovery_date": "2025-09-03T02:48:12.111000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392784"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Libtiff. This vulnerability is a \"write-what-where\" condition, triggered when the library processes a specially crafted TIFF image file.\n\nBy providing an abnormally large image height value in the file\u0027s metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libtiff: Libtiff Write-What-Where",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This attack requires user interaction to run the malicious TIFF image file, hence the CVE is maintained as important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9900"
},
{
"category": "external",
"summary": "RHBZ#2392784",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392784"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9900"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9900",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9900"
},
{
"category": "external",
"summary": "https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file",
"url": "https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/issues/704",
"url": "https://gitlab.com/libtiff/libtiff/-/issues/704"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/merge_requests/732",
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/732"
},
{
"category": "external",
"summary": "https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html",
"url": "https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html"
}
],
"release_date": "2025-09-22T14:29:35.767000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:54:46+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3461",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libtiff: Libtiff Write-What-Where"
},
{
"cve": "CVE-2025-15467",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-01-16T14:21:50.710000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430376"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. On Red Hat Enterprise Linux, OpenSSL is built with stack protections enabled which mitigate the risk of code execution though a denial-of-service condition remains possible. This vulnerability only affects applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers, such as Kerberos using the PKINIT plugin. OpenSSL versions 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15467"
},
{
"category": "external",
"summary": "RHBZ#2430376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467"
}
],
"release_date": "2026-01-27T14:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:54:46+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3461",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing"
},
{
"acknowledgments": [
{
"names": [
"jub0bs"
]
}
],
"cve": "CVE-2025-22868",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2025-02-26T04:00:44.350024+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348366"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, \".\")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "RHBZ#2348366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868"
},
{
"category": "external",
"summary": "https://go.dev/cl/652155",
"url": "https://go.dev/cl/652155"
},
{
"category": "external",
"summary": "https://go.dev/issue/71490",
"url": "https://go.dev/issue/71490"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3488",
"url": "https://pkg.go.dev/vuln/GO-2025-3488"
}
],
"release_date": "2025-02-26T03:07:49.012000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:54:46+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3461",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, it is recommended to pre-validate any payloads passed to `go-jose` to check that they do not contain an excessive amount of `.` characters.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws"
},
{
"cve": "CVE-2025-22869",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-02-26T04:00:47.683125+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348367"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While this flaw affects both SSH clients and servers implemented with golang.org/x/crypto/ssh, realistically the flaw will only lead to a DoS when transferring large files, greatly reducing the likelihood of exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "RHBZ#2348367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348367"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869"
},
{
"category": "external",
"summary": "https://go.dev/cl/652135",
"url": "https://go.dev/cl/652135"
},
{
"category": "external",
"summary": "https://go.dev/issue/71931",
"url": "https://go.dev/issue/71931"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3487",
"url": "https://pkg.go.dev/vuln/GO-2025-3487"
}
],
"release_date": "2025-02-26T03:07:48.855000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:54:46+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3461",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
},
{
"category": "workaround",
"details": "This flaw can be mitigated when using the client only connecting to trusted servers.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
},
{
"cve": "CVE-2025-47906",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"discovery_date": "2025-09-18T19:00:47.541046+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396546"
}
],
"notes": [
{
"category": "description",
"text": "A path handling flaw has been discovered in the os/exec go package. If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "os/exec: Unexpected paths returned from LookPath in os/exec",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47906"
},
{
"category": "external",
"summary": "RHBZ#2396546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396546"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47906",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47906"
},
{
"category": "external",
"summary": "https://go.dev/cl/691775",
"url": "https://go.dev/cl/691775"
},
{
"category": "external",
"summary": "https://go.dev/issue/74466",
"url": "https://go.dev/issue/74466"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM",
"url": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3956",
"url": "https://pkg.go.dev/vuln/GO-2025-3956"
}
],
"release_date": "2025-09-18T18:41:11.847000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:54:46+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3461",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "os/exec: Unexpected paths returned from LookPath in os/exec"
},
{
"cve": "CVE-2025-52565",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-10-17T14:19:18.653000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2404708"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console\nbind-mounts. When creating the /dev/console bind-mount (to /dev/pts/$n), if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount the symlink target over /dev/console.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: container escape with malicious config due to /dev/console mount and related races",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "RHBZ#2404708",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404708"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52565",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52565"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r",
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r"
}
],
"release_date": "2025-11-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:54:46+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3461",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
},
{
"category": "workaround",
"details": "Potential mitigations for this issue include:\n\n* Using user namespaces, with the host root user not mapped into the container\u0027s namespace. procfs file permissions are managed using Unix DAC and thus user namespaces stop a container process from being able to write to them.\n* Not running as a root user in the container (this includes disabling setuid binaries with noNewPrivileges). As above, procfs file permissions are managed using Unix DAC and thus non-root users cannot write to them.\n* The default SELinux policy should mitigate this issue, as the /dev/console bind-mount does not re-label the mount and so the container process should not be able to write to unsafe procfs files. However, CVE-2025-52881 allows an attacker to bypass LSM labels, and so this mitigation is not helpful when considered in combination with CVE-2025-52881.\n* The default AppArmor profile used by most runtimes will NOT help mitigate this issue, as /dev/console access is permitted. You could create a custom profile that blocks access to /dev/console, but such a profile might break regular containers. In addition, CVE-2025-52881 allows an attacker to bypass LSM labels, and so that mitigation is not helpful when considered in combination with CVE-2025-52881.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "runc: container escape with malicious config due to /dev/console mount and related races"
},
{
"cve": "CVE-2025-53905",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-07-15T21:01:19.770241+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2380362"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim: Vim path traversial",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-53905"
},
{
"category": "external",
"summary": "RHBZ#2380362",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380362"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-53905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53905"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-53905",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53905"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239",
"url": "https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr",
"url": "https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr"
}
],
"release_date": "2025-07-15T20:48:34.764000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:54:46+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3461",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vim: Vim path traversial"
},
{
"cve": "CVE-2025-53906",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-07-15T21:01:15.057182+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2380360"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim: Vim path traversal",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-53906"
},
{
"category": "external",
"summary": "RHBZ#2380360",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380360"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-53906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53906"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-53906",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53906"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8",
"url": "https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86",
"url": "https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86"
}
],
"release_date": "2025-07-15T20:52:40.137000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:54:46+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3461",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vim: Vim path traversal"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-15T03:00:59.775098+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395108"
}
],
"notes": [
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classified as Moderate instead of Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "RHBZ#2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375"
}
],
"release_date": "2025-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:54:46+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3461",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
},
{
"category": "workaround",
"details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
},
{
"cve": "CVE-2025-59425",
"cwe": {
"id": "CWE-208",
"name": "Observable Timing Discrepancy"
},
"discovery_date": "2025-09-22T06:45:41.577000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2397234"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM\u2019s API token authentication logic, where token comparisons were not performed in constant time. This weakness could allow an attacker to exploit timing differences to guess valid tokens and bypass authentication.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: Timing Attack in vLLM API Token Verification Leading to Authentication Bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The RedHat security team has rated the severity of this issue as Important. The vulnerability is remotely exploitable without authentication or user interaction and can result in authentication bypass. The root cause was the use of a non-constant-time string comparison, which leaked timing information. Successful exploitation could lead to unauthorized access to APIs and sensitive resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59425"
},
{
"category": "external",
"summary": "RHBZ#2397234",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397234"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59425"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/ee10d7e6ff5875386c7f136ce8b5f525c8fcef48",
"url": "https://github.com/vllm-project/vllm/commit/ee10d7e6ff5875386c7f136ce8b5f525c8fcef48"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-wr9h-g72x-mwhm",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-wr9h-g72x-mwhm"
}
],
"release_date": "2025-10-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:54:46+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3461",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: Timing Attack in vLLM API Token Verification Leading to Authentication Bypass"
},
{
"acknowledgments": [
{
"names": [
"keymoon",
"Ga_ryo",
"Isotr0py",
"DarkLight1337"
]
}
],
"cve": "CVE-2025-61620",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-10-06T05:59:34.077000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2401761"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the server implementation of vLLM, where the handling of Jinja templates does not properly validate user-supplied input through the chat_template and chat_template_kwargs parameters. When a specially crafted template is processed, it can trigger excessive looping or recursion inside the Jinja engine, consuming large amounts of CPU and memory. This can cause the server to become unresponsive or crash, resulting in a denial-of-service (DoS) condition for applications using vLLM.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM OpenAI-Compatible Server Resource Exhaustion via chat_template Parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has assessed the severity of this vulnerability as Moderate, as it requires authenticated access or the ability to supply templates to the vLLM server. Successful exploitation allows an attacker to exhaust system resources by submitting maliciously crafted Jinja templates that trigger excessive CPU and memory usage. The vulnerability\u2019s root cause is the lack of proper validation and sandboxing of user-supplied template data, which can lead to denial of service (DoS) conditions affecting the availability of services built on vLLM.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61620"
},
{
"category": "external",
"summary": "RHBZ#2401761",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401761"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61620",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61620"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61620",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61620"
}
],
"release_date": "2025-10-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:54:46+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3461",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vllm: vLLM OpenAI-Compatible Server Resource Exhaustion via chat_template Parameters"
},
{
"cve": "CVE-2025-62164",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-21T02:01:11.280042+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416282"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in vLLM allows attackers to supply malicious serialized prompt-embedding tensors that are deserialized using torch.load() without validation. Due to PyTorch 2.8.0 disabling sparse-tensor integrity checks by default, a crafted tensor can bypass bounds checks and cause an out-of-bounds write during to_dense(), leading to a crash (DoS) and potentially remote code execution on the vLLM server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: VLLM deserialization vulnerability leading to DoS and potential RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is considered important rather than moderate because it involves unsafe deserialization leading to memory corruption in a network-reachable, unauthenticated API path. Unlike typical moderate flaws that may only allow limited DoS or require specific conditions, this issue allows an attacker to supply a crafted sparse tensor that triggers an out-of-bounds memory write during PyTorch\u2019s to_dense() conversion. Memory corruption in a server process handling untrusted input significantly elevates security risk because it can lead not only to a reliable crash but also to potential remote code execution, enabling full compromise of the vLLM service. Additionally, the affected code path is part of the standard Completions API workflow, making the attack surface broadly exposed in real deployments. The combination of remote exploitability, unauthenticated access, memory corruption, and potential RCE clearly positions this issue above a moderate classification and into an important severity level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62164"
},
{
"category": "external",
"summary": "RHBZ#2416282",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416282"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62164",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62164"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62164",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62164"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b",
"url": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/27204",
"url": "https://github.com/vllm-project/vllm/pull/27204"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-mrw7-hf4f-83pf",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-mrw7-hf4f-83pf"
}
],
"release_date": "2025-11-21T01:18:38.803000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:54:46+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3461",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: VLLM deserialization vulnerability leading to DoS and potential RCE"
},
{
"cve": "CVE-2025-62372",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"discovery_date": "2025-11-21T02:00:57.180567+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416280"
}
],
"notes": [
{
"category": "description",
"text": "A denial-of-service vulnerability in vLLM allows an attacker with API access to crash the engine by submitting multimodal embedding tensors that have the correct number of dimensions but an invalid internal shape. Because vLLM validates only the tensor\u2019s ndim and not the full expected shape, malformed embeddings trigger shape mismatches or validation failures during processing, causing the inference engine to terminate.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is rated Moderate rather than Important because its impact is strictly limited to availability and requires low but existing privileges to exploit. The issue arises from incomplete shape validation of multimodal embedding tensors, which can cause deterministic crashes in the inference engine, but it does not enable memory corruption, data leakage, integrity compromise, or execution of arbitrary code. Exploitation requires an authenticated or API-key-holding user to submit malformed multimodal inputs, meaning it cannot be triggered by an unauthenticated attacker on an exposed endpoint. Additionally, the failure mode is a clean crash rather than undefined behavior, so the blast radius is constrained to service interruption rather than broader systemic compromise. These factors\u2014PR:L requirement, no confidentiality/integrity impact, deterministic failure mode, and scoped DoS only\u2014technically align the issue with Moderate severity instead of an Important flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62372"
},
{
"category": "external",
"summary": "RHBZ#2416280",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416280"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62372"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62372",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62372"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b",
"url": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/27204",
"url": "https://github.com/vllm-project/vllm/pull/27204"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/6613",
"url": "https://github.com/vllm-project/vllm/pull/6613"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw"
}
],
"release_date": "2025-11-21T01:22:37.121000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:54:46+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3461",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vllm: vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs"
},
{
"cve": "CVE-2025-62426",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-11-21T02:00:49.606988+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416278"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in vLLM allows an authenticated user to trigger unintended tokenization during chat template processing by supplying crafted chat_template_kwargs to the /v1/chat/completions or /tokenize endpoints. By forcing the server to tokenize very large inputs, an attacker can block the API server\u2019s event loop for extended periods, causing a denial of service and delaying all other requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs`",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The flaw is limited to a denial-of-service vector that requires an authenticated user and relies on abusing an optional, non-security-critical parameter (chat_template_kwargs) to force unexpected tokenization during template application, which is computationally expensive but not indicative of data corruption, privilege escalation, or code execution. The attacker cannot break isolation boundaries or execute arbitrary logic\u2014they can only cause the server\u2019s event loop to stall through large crafted inputs, and only if they already have access to the vLLM API. Moreover, the DoS condition is resource-intensive, depends heavily on model size and server configuration, and does not persist once the malicious request completes. Because the impact is bounded to temporary availability degradation without confidentiality or integrity loss, and because exploitation requires legitimate API access and large payloads, this issue aligns with a Moderate severity rather than an Important/High flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62426"
},
{
"category": "external",
"summary": "RHBZ#2416278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416278"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62426",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62426"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62426",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62426"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/blob/2a6dc67eb520ddb9c4138d8b35ed6fe6226997fb/vllm/entrypoints/chat_utils.py#L1602-L1610",
"url": "https://github.com/vllm-project/vllm/blob/2a6dc67eb520ddb9c4138d8b35ed6fe6226997fb/vllm/entrypoints/chat_utils.py#L1602-L1610"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/blob/2a6dc67eb520ddb9c4138d8b35ed6fe6226997fb/vllm/entrypoints/openai/serving_engine.py#L809-L814",
"url": "https://github.com/vllm-project/vllm/blob/2a6dc67eb520ddb9c4138d8b35ed6fe6226997fb/vllm/entrypoints/openai/serving_engine.py#L809-L814"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/3ada34f9cb4d1af763fdfa3b481862a93eb6bd2b",
"url": "https://github.com/vllm-project/vllm/commit/3ada34f9cb4d1af763fdfa3b481862a93eb6bd2b"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/27205",
"url": "https://github.com/vllm-project/vllm/pull/27205"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-69j4-grxj-j64p",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-69j4-grxj-j64p"
}
],
"release_date": "2025-11-21T01:21:29.546000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:54:46+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3461",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vllm: vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs`"
},
{
"cve": "CVE-2025-62593",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2025-11-26T23:01:25.307125+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417394"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ray\u2019s HTTP API endpoint handling (e.g. /api/jobs, /api/job_agent/jobs/), which allows a remote attacker to trigger arbitrary code execution when a developer using Ray visits a malicious website in a vulnerable browser (e.g. Firefox or Safari). The root cause is an insufficient defense relying solely on the User-Agent header starting with \u201cMozilla\u201d, which can be manipulated under the fetch specification \u2014 enabling a DNS-rebinding attack to bypass browser-based protections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ray: Ray is vulnerable to RCE via Safari \u0026 Firefox Browsers through DNS Rebinding Attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has chosen to keep this as Important instead of Critical severity because the successful exploitation of this vulnerability requires user interaction in conjunction with a DNS rebinding attack.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62593"
},
{
"category": "external",
"summary": "RHBZ#2417394",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417394"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62593",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62593"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62593",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62593"
},
{
"category": "external",
"summary": "https://github.com/ray-project/ray/commit/70e7c72780bdec075dba6cad1afe0832772bfe09",
"url": "https://github.com/ray-project/ray/commit/70e7c72780bdec075dba6cad1afe0832772bfe09"
},
{
"category": "external",
"summary": "https://github.com/ray-project/ray/security/advisories/GHSA-q279-jhrf-cc6v",
"url": "https://github.com/ray-project/ray/security/advisories/GHSA-q279-jhrf-cc6v"
}
],
"release_date": "2025-11-26T22:28:28.577000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:54:46+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3461",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ray: Ray is vulnerable to RCE via Safari \u0026 Firefox Browsers through DNS Rebinding Attack"
},
{
"cve": "CVE-2025-62727",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"discovery_date": "2025-10-28T21:01:03.833849+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406929"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability has been discovered in the python Starlette framework. an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette\u0027s FileResponse Range parsing/merging logic. This induces CPU exhaustion per request, causing a denial\u2011of\u2011service for endpoints serving files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "starlette: Starlette DoS via Range header merging",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62727"
},
{
"category": "external",
"summary": "RHBZ#2406929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406929"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62727"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62727",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62727"
},
{
"category": "external",
"summary": "https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5",
"url": "https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5"
},
{
"category": "external",
"summary": "https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8",
"url": "https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8"
}
],
"release_date": "2025-10-28T20:14:53.655000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:54:46+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3461",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "starlette: Starlette DoS via Range header merging"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-05T17:01:20.277857+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419455"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "RHBZ#2419455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8",
"url": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53"
}
],
"release_date": "2025-12-05T16:02:15.271000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:54:46+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3461",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion"
},
{
"cve": "CVE-2025-66448",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2025-12-01T23:01:07.198041+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418152"
}
],
"notes": [
{
"category": "description",
"text": "A remote code execution vulnerability has been identified in vLLM. An attacker can exploit a weakness in the model loading process to silently fetch and run unauthorized, malicious Python code on the host system. This happens because the engine mistakenly executes code from a remote repository referenced in a model\u0027s configuration, even when explicit security measures are set to prevent it.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM: Remote Code Execution via malicious model configuration",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat because vLLM, when deployed in a Red Hat environment, is susceptible to remote code execution. An attacker can craft a malicious model configuration that, when loaded, fetches and executes arbitrary Python code from a remote repository, even if `trust_remote_code` is explicitly set to `False`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66448"
},
{
"category": "external",
"summary": "RHBZ#2418152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418152"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66448",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66448"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66448",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66448"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/ffb08379d8870a1a81ba82b72797f196838d0c86",
"url": "https://github.com/vllm-project/vllm/commit/ffb08379d8870a1a81ba82b72797f196838d0c86"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/28126",
"url": "https://github.com/vllm-project/vllm/pull/28126"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-8fr4-5q9j-m8gm",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-8fr4-5q9j-m8gm"
}
],
"release_date": "2025-12-01T22:45:42.566000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:54:46+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3461",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: vLLM: Remote Code Execution via malicious model configuration"
},
{
"cve": "CVE-2025-66471",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2025-12-05T17:02:21.597728+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419467"
}
],
"notes": [
{
"category": "description",
"text": "A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data; CWE-409) on the client side, even if the application only requested a small chunk of data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 Streaming API improperly handles highly compressed data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "RHBZ#2419467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7",
"url": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37"
}
],
"release_date": "2025-12-05T16:06:08.531000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:54:46+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3461",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 Streaming API improperly handles highly compressed data"
},
{
"cve": "CVE-2025-66506",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:20.507333+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419056"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "RHBZ#2419056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
"url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
}
],
"release_date": "2025-12-04T22:04:41.637000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:54:46+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3461",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
},
{
"cve": "CVE-2025-69223",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-06T20:01:19.831548+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427456"
}
],
"notes": [
{
"category": "description",
"text": "A decompression based denial of service flaw has been discovered in the AIOHTTP python library. Library versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host\u0027s memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "aiohttp: AIOHTTP\u0027s HTTP Parser auto_decompress feature is vulnerable to zip bomb",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69223"
},
{
"category": "external",
"summary": "RHBZ#2427456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427456"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69223",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69223"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69223",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69223"
},
{
"category": "external",
"summary": "https://github.com/aio-libs/aiohttp/commit/2b920c39002cee0ec5b402581779bbaaf7c9138a",
"url": "https://github.com/aio-libs/aiohttp/commit/2b920c39002cee0ec5b402581779bbaaf7c9138a"
},
{
"category": "external",
"summary": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6mq8-rvhq-8wgg",
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6mq8-rvhq-8wgg"
}
],
"release_date": "2026-01-05T22:00:17.715000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:54:46+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3461",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "aiohttp: AIOHTTP\u0027s HTTP Parser auto_decompress feature is vulnerable to zip bomb"
},
{
"cve": "CVE-2026-0994",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2026-01-23T16:02:59.235878+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2432398"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in protobuf. A remote attacker can exploit this denial-of-service (DoS) vulnerability by supplying deeply nested `google.protobuf.Any` messages to the `google.protobuf.json_format.ParseDict()` function. This bypasses the intended recursion depth limit, leading to the exhaustion of Python\u2019s recursion stack and causing a `RecursionError`, which results in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: protobuf: Protobuf: Denial of Service due to recursion depth bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. The flaw in `protobuf` allows a remote attacker to trigger a denial-of-service by providing specially crafted, deeply nested `google.protobuf.Any` messages to the `google.protobuf.json_format.ParseDict()` function. This bypasses the intended recursion depth limit, leading to resource exhaustion and application crashes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-0994"
},
{
"category": "external",
"summary": "RHBZ#2432398",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2432398"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-0994",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0994"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0994",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0994"
},
{
"category": "external",
"summary": "https://github.com/protocolbuffers/protobuf/pull/25239",
"url": "https://github.com/protocolbuffers/protobuf/pull/25239"
}
],
"release_date": "2026-01-23T14:55:16.876000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:54:46+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3461",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python: protobuf: Protobuf: Denial of Service due to recursion depth bypass"
},
{
"cve": "CVE-2026-21441",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-01-07T23:01:59.422078+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427726"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is an HTTP client library for Python. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "RHBZ#2427726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b",
"url": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99"
}
],
"release_date": "2026-01-07T22:09:01.936000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:54:46+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3461",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)"
},
{
"cve": "CVE-2026-22773",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-10T07:01:22.641229+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428443"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). A remote attacker can exploit this vulnerability by sending a specially crafted 1x1 pixel image to a vLLM engine serving multimodal models that use the Idefics3 vision model implementation. This leads to a tensor dimension mismatch, causing an unhandled runtime error and resulting in complete server termination, effectively a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM: Denial of Service via specially crafted image in multimodal model serving",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. A remote attacker can trigger a denial of service in vLLM engines serving multimodal models that use the Idefics3 vision model by sending a specially crafted image, leading to complete server termination. This affects Red Hat AI Inference Server and Red Hat OpenShift AI (RHOAI) when configured with the vulnerable vLLM versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22773"
},
{
"category": "external",
"summary": "RHBZ#2428443",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428443"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22773",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22773"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22773",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22773"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-grg2-63fw-f2qr",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-grg2-63fw-f2qr"
}
],
"release_date": "2026-01-10T06:39:02.276000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:54:46+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3461",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vllm: vLLM: Denial of Service via specially crafted image in multimodal model serving"
},
{
"cve": "CVE-2026-22778",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2026-02-03T00:01:43.512265+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2436113"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). A remote attacker can exploit this vulnerability by sending a specially crafted video URL to vLLM\u0027s multimodal endpoint. This action causes vLLM to leak a heap memory address, significantly reducing the effectiveness of Address Space Layout Randomization (ASLR). This information disclosure can then be chained with a heap overflow vulnerability to achieve remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vLLM: vLLM: Remote code execution via invalid image processing in the multimodal endpoint.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Critical rather than Important because it allows unauthenticated remote code execution without requiring user interaction, ultimately leading to full compromise of the affected system. An attacker can provide a malicious video URL to a vulnerable vLLM inference endpoint, which causes the service to automatically retrieve and process attacker-controlled media content. During decoding, a heap overflow is triggered in the underlying video processing stack, enabling corruption of heap memory and potential overwriting of control structures to execute arbitrary commands on the host. In addition, an information disclosure condition can leak memory addresses, significantly weakening ASLR protections and making exploitation more reliable when combined with the heap overflow. Successful exploitation compromises the confidentiality, integrity, and availability of the system and can impact deployments such as Red Hat AI Inference Server, Red Hat Enterprise Linux AI, and Red Hat OpenShift AI, thereby meeting Red Hat\u2019s criteria for Critical severity rather than Important impact.\n\nThe vLLM vulnerability depends on CVE-2025-9951, as processing attacker-controlled media can trigger the JPEG2000 decoder heap overflow, which can then be exploited within the vLLM video handling pipeline to cause memory corruption and potentially achieve remote code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22778"
},
{
"category": "external",
"summary": "RHBZ#2436113",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436113"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22778",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22778"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22778",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22778"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/31987",
"url": "https://github.com/vllm-project/vllm/pull/31987"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/32319",
"url": "https://github.com/vllm-project/vllm/pull/32319"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/releases/tag/v0.14.1",
"url": "https://github.com/vllm-project/vllm/releases/tag/v0.14.1"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-4r2x-xpjr-7cvv",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-4r2x-xpjr-7cvv"
}
],
"release_date": "2026-02-02T21:09:53.265000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:54:46+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3461",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "vLLM: vLLM: Remote code execution via invalid image processing in the multimodal endpoint."
},
{
"cve": "CVE-2026-22807",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2026-01-21T22:00:55.823882+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431865"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). This vulnerability allows a remote attacker to achieve arbitrary code execution on the vLLM host during model loading. This occurs because vLLM loads Hugging Face `auto_map` dynamic modules without properly validating the `trust_remote_code` setting. By influencing the model repository or path, an attacker can execute malicious Python code at server startup, even before any API requests are handled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vLLM: vLLM: Arbitrary code execution via untrusted model loading",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as vLLM, an inference and serving engine for large language models, is vulnerable to arbitrary code execution. An attacker influencing the model repository or path can execute malicious Python code during server startup, affecting vLLM versions 0.10.1 through 0.13.x.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22807"
},
{
"category": "external",
"summary": "RHBZ#2431865",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431865"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22807",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22807"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22807",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22807"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/78d13ea9de4b1ce5e4d8a5af9738fea71fb024e5",
"url": "https://github.com/vllm-project/vllm/commit/78d13ea9de4b1ce5e4d8a5af9738fea71fb024e5"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/32194",
"url": "https://github.com/vllm-project/vllm/pull/32194"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/releases/tag/v0.14.0",
"url": "https://github.com/vllm-project/vllm/releases/tag/v0.14.0"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-2pc9-4j83-qjmr",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-2pc9-4j83-qjmr"
}
],
"release_date": "2026-01-21T21:13:11.894000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:54:46+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3461",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
},
{
"category": "workaround",
"details": "To mitigate this issue, ensure that vLLM instances are configured to load models only from trusted and verified repositories. Restrict access to the model repository path to prevent unauthorized modification or introduction of malicious code. Implement strict access controls and integrity checks for all model sources.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vLLM: vLLM: Arbitrary code execution via untrusted model loading"
},
{
"cve": "CVE-2026-24049",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-01-22T05:00:54.709179+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431959"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "RHBZ#2431959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24049",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef",
"url": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/releases/tag/0.46.2",
"url": "https://github.com/pypa/wheel/releases/tag/0.46.2"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx",
"url": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx"
}
],
"release_date": "2026-01-22T04:02:08.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:54:46+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3461",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking"
},
{
"cve": "CVE-2026-24486",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-01-27T01:00:58.032530+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2433132"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Python-Multipart, a tool for parsing multipart form data in Python applications. This vulnerability, known as path traversal, allows a remote attacker to write uploaded files to any location on the server\u0027s file system. This exploitation occurs when specific non-default configuration options, `UPLOAD_DIR` and `UPLOAD_KEEP_FILENAME=True`, are enabled, and a malicious filename is provided during a file upload. The primary consequence is unauthorized file creation or modification, which could lead to system compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-multipart: Python-Multipart: Arbitrary file write via path traversal vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24486"
},
{
"category": "external",
"summary": "RHBZ#2433132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433132"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24486",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24486"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24486",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24486"
},
{
"category": "external",
"summary": "https://github.com/Kludex/python-multipart/commit/9433f4bbc9652bdde82bbe380984e32f8cfc89c4",
"url": "https://github.com/Kludex/python-multipart/commit/9433f4bbc9652bdde82bbe380984e32f8cfc89c4"
},
{
"category": "external",
"summary": "https://github.com/Kludex/python-multipart/releases/tag/0.0.22",
"url": "https://github.com/Kludex/python-multipart/releases/tag/0.0.22"
},
{
"category": "external",
"summary": "https://github.com/Kludex/python-multipart/security/advisories/GHSA-wp53-j4wj-2cfg",
"url": "https://github.com/Kludex/python-multipart/security/advisories/GHSA-wp53-j4wj-2cfg"
}
],
"release_date": "2026-01-27T00:34:06.229000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:54:46+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3461",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, avoid enabling the `UPLOAD_KEEP_FILENAME=True` configuration option in applications using `python-multipart`. This option, when used with `UPLOAD_DIR`, allows an attacker to write files to arbitrary locations. Disabling or not configuring `UPLOAD_KEEP_FILENAME=True` prevents the path traversal vulnerability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python-multipart: Python-Multipart: Arbitrary file write via path traversal vulnerability"
},
{
"cve": "CVE-2026-24779",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-01-27T23:00:53.998772+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2433624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). A Server-Side Request Forgery (SSRF) vulnerability exists in the MediaConnector class, specifically within the load_from_url and load_from_url_async methods. An attacker can exploit differing interpretations of backslashes by Python parsing libraries used for host restrictions to bypass these restrictions. This allows the attacker to force the vLLM server to make arbitrary requests to internal network resources, potentially leading to information disclosure, denial of service, or unauthorized access within containerized environments.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vLLM: vLLM: Server-Side Request Forgery allows internal network access",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This IMPORTANT Server-Side Request Forgery (SSRF) vulnerability in vLLM\u0027s `MediaConnector` allows an attacker to bypass host restrictions when processing user-provided URLs. This enables the vLLM server to be coerced into making arbitrary requests to internal network resources. This is critical in containerized deployments, including Red Hat AI Inference Server, Red Hat Enterprise Linux AI, and Red Hat OpenShift AI, where it could facilitate internal network reconnaissance and unauthorized access to other services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24779"
},
{
"category": "external",
"summary": "RHBZ#2433624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24779",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24779"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24779",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24779"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/f46d576c54fb8aeec5fc70560e850bed38ef17d7",
"url": "https://github.com/vllm-project/vllm/commit/f46d576c54fb8aeec5fc70560e850bed38ef17d7"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/32746",
"url": "https://github.com/vllm-project/vllm/pull/32746"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-qh4c-xf7m-gxfc",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-qh4c-xf7m-gxfc"
}
],
"release_date": "2026-01-27T22:01:13.808000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:54:46+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3461",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
},
{
"category": "workaround",
"details": "To mitigate this issue, restrict network access to the vLLM service to only trusted clients. Implement strict network segmentation for vLLM pods in containerized environments to limit potential lateral movement. Ensure that vLLM instances are not exposed to untrusted external networks without proper access controls and input validation at the perimeter.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vLLM: vLLM: Server-Side Request Forgery allows internal network access"
},
{
"cve": "CVE-2026-25990",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-02-11T21:05:39.535631+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439170"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "RHBZ#2439170",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439170"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25990"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa",
"url": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc"
}
],
"release_date": "2026-02-11T20:53:52.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:54:46+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3461",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3461"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-cuda-rhel9@sha256:fa844e16d06e871f1a5dbc2fd5b3882d28112eee8d6bee601d94c96295c5e24f_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image"
}
]
}
RHSA-2026:5168
Vulnerability from csaf_redhat - Published: 2026-03-19 19:18 - Updated: 2026-03-31 22:57Summary
Red Hat Security Advisory: Red Hat Quay 3.9.19
Severity
Important
Notes
Topic: Red Hat Quay 3.9.19 is now available with bug fixes.
Details: Quay 3.9.19
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5168
Workaround
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.
7.4 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5168
A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5168
Workaround
To mitigate this issue, disable the $data feature if your application does not require it. If $data must be used, implement strict validation of the input fields that are referenced by the pattern keyword to ensure they contain only expected and safe characters.
A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5168
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.
7.3 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5168
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A validation flaw has been discovered in the python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor > 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it's easy to forge signatures on the small subgroup. Only SECT curves are impacted by this.
7.4 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5168
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5168
A flaw was found in pypdf. Processing a specially crafted PDF document, specifically with circular /Prev references in the cross-reference (xref) chain, can cause an infinite loop and a high consumption of CPU, resulting in a denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5168
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5168
A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remote attacker can exploit this vulnerability by crafting a malicious JSON Web Token (JWT) with a "none" algorithm and an empty signature. This bypasses the expected signature verification, potentially allowing the attacker to forge tokens and gain unauthorized access or perform unauthorized actions within applications using Authlib.
9.1 (Critical)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5168
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.9.19 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.9.19",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5168",
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-69873",
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25990",
"url": "https://access.redhat.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26007",
"url": "https://access.redhat.com/security/cve/CVE-2026-26007"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26996",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27628",
"url": "https://access.redhat.com/security/cve/CVE-2026-27628"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27904",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-28802",
"url": "https://access.redhat.com/security/cve/CVE-2026-28802"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5168.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.9.19",
"tracking": {
"current_release_date": "2026-03-31T22:57:04+00:00",
"generator": {
"date": "2026-03-31T22:57:04+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.4"
}
},
"id": "RHSA-2026:5168",
"initial_release_date": "2026-03-19T19:18:06+00:00",
"revision_history": [
{
"date": "2026-03-19T19:18:06+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-19T19:18:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-31T22:57:04+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.9",
"product": {
"name": "Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.9::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931764"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Ad97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931180"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3A1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931771"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931200"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772739181"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Acb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772728539"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772725093"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3A7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773939659"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Af5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931187"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Add567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773936323"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931180"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Ace8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931200"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1772728539"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Ae16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1772725093"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931187"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773936323"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931180"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Aca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931200"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1772728539"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1772725093"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Aa6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773931187"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Ad64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773936323"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"relates_to_product_reference": "Red Hat Quay 3.9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64 as a component of Red Hat Quay 3.9",
"product_id": "Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64",
"relates_to_product_reference": "Red Hat Quay 3.9"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T19:18:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: Unexpected session resumption in crypto/tls",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T19:18:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: Unexpected session resumption in crypto/tls"
},
{
"cve": "CVE-2025-69873",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-11T19:01:32.953264+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ajv: ReDoS via $data reference",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, the $data option must be enabled and the attacker needs to be able to send a payload with a specially crafted regular expression to the application processing the input. A 31-character payload causes approximately 44 seconds of execution, with each additional character doubling the execution time. Therefore, even a small payload can cause an application to become unresponsive and eventually result in a denial of service. Due to this reason, this flaw has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"category": "external",
"summary": "RHBZ#2439070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873"
},
{
"category": "external",
"summary": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md",
"url": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md"
}
],
"release_date": "2026-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T19:18:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable the $data feature if your application does not require it. If $data must be used, implement strict validation of the input fields that are referenced by the pattern keyword to ensure they contain only expected and safe characters.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ajv: ReDoS via $data reference"
},
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T19:18:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
},
{
"cve": "CVE-2026-25990",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-02-11T21:05:39.535631+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439170"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "RHBZ#2439170",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439170"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25990"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa",
"url": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc"
}
],
"release_date": "2026-02-11T20:53:52.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T19:18:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image"
},
{
"cve": "CVE-2026-26007",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2026-02-10T22:01:01.036116+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438762"
}
],
"notes": [
{
"category": "description",
"text": "A validation flaw has been discovered in the python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor \u003e 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it\u0027s easy to forge signatures on the small subgroup. Only SECT curves are impacted by this.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26007"
},
{
"category": "external",
"summary": "RHBZ#2438762",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438762"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26007"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26007",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26007"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c",
"url": "https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2"
}
],
"release_date": "2026-02-10T21:42:56.471000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T19:18:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves"
},
{
"cve": "CVE-2026-26996",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-20T04:01:11.896063+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441268"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: minimatch: Denial of Service via specially crafted glob patterns",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "RHBZ#2441268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5",
"url": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26"
}
],
"release_date": "2026-02-20T03:05:21.105000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T19:18:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns"
},
{
"cve": "CVE-2026-27628",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2026-02-25T04:02:09.864561+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442543"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pypdf. Processing a specially crafted PDF document, specifically with circular /Prev references in the cross-reference (xref) chain, can cause an infinite loop and a high consumption of CPU, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pypdf: possible infinite loop when loading circular /Prev entries in cross-reference streams",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to supply a crafted PDF file to be processed by an application using the pypdf library. This issue can cause the application to enter an infinite loop and consume a high amount of CPU resources, eventually resulting in a denial of service with no other security impact. Due to these reasons, this vulnerability has been rated with a moderate impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27628"
},
{
"category": "external",
"summary": "RHBZ#2442543",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442543"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27628",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27628"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27628",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27628"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/commit/0fbd95938724ad2d72688d4112207c0590f0483f",
"url": "https://github.com/py-pdf/pypdf/commit/0fbd95938724ad2d72688d4112207c0590f0483f"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/issues/3654",
"url": "https://github.com/py-pdf/pypdf/issues/3654"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35",
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35"
}
],
"release_date": "2026-02-25T02:45:37.543000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T19:18:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "pypdf: possible infinite loop when loading circular /Prev entries in cross-reference streams"
},
{
"cve": "CVE-2026-27904",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-26T02:01:23.004531+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442922"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "RHBZ#2442922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442922"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74"
}
],
"release_date": "2026-02-26T01:07:42.693000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T19:18:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions"
},
{
"cve": "CVE-2026-28802",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-06T07:01:49.366979+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445120"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remote attacker can exploit this vulnerability by crafting a malicious JSON Web Token (JWT) with a \"none\" algorithm and an empty signature. This bypasses the expected signature verification, potentially allowing the attacker to forge tokens and gain unauthorized access or perform unauthorized actions within applications using Authlib.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib: Signature verification bypass via malicious JWT allows unauthorized access",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"known_not_affected": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28802"
},
{
"category": "external",
"summary": "RHBZ#2445120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445120"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28802",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28802"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28802",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28802"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75",
"url": "https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7",
"url": "https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg"
}
],
"release_date": "2026-03-06T06:44:26.402000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-19T19:18:06+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5168"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:0793761b8f52bd37b70a0920c123df7b5689050fe0d0b180a23747382136805d_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:2c4942e97dbe11310a36b234b6b79248aa901521c0cc6ede26c264852cc1c6c7_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/clair-rhel8@sha256:e16ff32fc51fc8515f0798b9b0facfae3b18e11d1c200ad561c5f96c4591e748_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:1f6d8b0bf693a4ff88c2e5f8fe5a39ce306243eb60670272f31b1ce0784355d5_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:1c162f16e74dff074693cb2c1629fa10fcbdda7e297305c505c3eadbbb6fd253_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ca15dc9c0af98219cf20368b4fb1d7f5e79a72112446b3cb2bc29d0950a4a614_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:ce8008cf1e109a6109802654da56c24a94b436a15d68cac2fc7154e955ea60c3_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:24860b370a6bd80d71b174736e21690cc3360b7e03eba42a7e9b6ee0f8e513f1_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:591ecd8de762d2064ff254bb0ab87c7f67fc2feda462dfc91386cec7fb58be59_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:6e208ffe402a0a2fef67414ce3c23849129054b4d58285eaecb5d7511b4a8a94_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-builder-rhel8@sha256:cb97c36edb2dbd26a82a421316b2d78694b58b446e03fc9770225a238b6ac65f_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:3443ae24c14bfe47730a8c9d80478948df7364eb5a11c031537d6a1ec39aac8d_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6a0081cc99c6fcf508090727ac8690b72d455a506866ae0279d19119098ea7da_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:85c2ef5ae8e143f76831e6231c420fa1d9fd0ea237dfd1bce7d6751b09203dd0_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:d97a9d9d6da4388e61873bf60413a321be153e2a9d19031fa885bcc69540afc6_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-bundle@sha256:7363defd98566b083b35c27715a53bc5bfbcbd73fa9dafe7a6218166e9d11b14_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:32a95ce56a8ac04a8fd37eab9ff385d4042d53e533f5bba8e5592faeb09f01fc_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:a6f6ea5303d254e481143d95ab41d05a7ce31a321ca787893eba35dbd75e6caf_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-operator-rhel8@sha256:f5d0a543470bd20a4572190e50b63e9b74e5dbba552b4fe972721518e4183beb_amd64",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:3e5ce0a56241c9804249dfb302cde02d2ffe30ba8fcd8aef8f1bce916d2324ad_ppc64le",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:d64bb14bf73ef1bc222525bffb67a3dfab0ba3ceef4770beb8138699609d4b41_s390x",
"Red Hat Quay 3.9:registry.redhat.io/quay/quay-rhel8@sha256:dd567423c854e8732542c41bfcda71948517762f8e91e31496e7dffa67b3c8c0_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "authlib: Authlib: Signature verification bypass via malicious JWT allows unauthorized access"
}
]
}
RHSA-2026:6308
Vulnerability from csaf_redhat - Published: 2026-03-31 22:34 - Updated: 2026-03-31 22:57Summary
Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Container Release Update
Severity
Important
Notes
Topic: An update is now available for Red Hat Ansible Automation Platform 2.5
Details: Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.
For details about this release, refer to the release notes listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A decompression based denial of service flaw has been discovered in the AIOHTTP python library. Library versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5#Upgrading
https://access.redhat.com/errata/RHSA-2026:6308
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in the jsonpath component. This vulnerability allows a remote attacker to achieve arbitrary code execution by supplying a malicious JSON Path expression. The component's reliance on the `static-eval` module for processing user-supplied input leads to unsafe evaluation. Successful exploitation can result in Remote Code Execution (RCE) in Node.js environments or Cross-site Scripting (XSS) in browser contexts.
9.8 (Critical)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5#Upgrading
https://access.redhat.com/errata/RHSA-2026:6308
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5#Upgrading
https://access.redhat.com/errata/RHSA-2026:6308
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.
7.3 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5#Upgrading
https://access.redhat.com/errata/RHSA-2026:6308
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A validation flaw has been discovered in the python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor > 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it's easy to forge signatures on the small subgroup. Only SECT curves are impacted by this.
7.4 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5#Upgrading
https://access.redhat.com/errata/RHSA-2026:6308
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
References
| URL | Category | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Ansible Automation Platform 2.5",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.\n\nFor details about this release, refer to the release notes listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:6308",
"url": "https://access.redhat.com/errata/RHSA-2026:6308"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-69223",
"url": "https://access.redhat.com/security/cve/CVE-2025-69223"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-1615",
"url": "https://access.redhat.com/security/cve/CVE-2026-1615"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25990",
"url": "https://access.redhat.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26007",
"url": "https://access.redhat.com/security/cve/CVE-2026-26007"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/release_notes/patch_releases",
"url": "https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html/release_notes/patch_releases"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_6308.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Container Release Update",
"tracking": {
"current_release_date": "2026-03-31T22:57:16+00:00",
"generator": {
"date": "2026-03-31T22:57:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.4"
}
},
"id": "RHSA-2026:6308",
"initial_release_date": "2026-03-31T22:34:16+00:00",
"revision_history": [
{
"date": "2026-03-31T22:34:16+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-31T22:34:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-31T22:57:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform 2.5",
"product": {
"name": "Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:2.5::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ansible Automation Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:bc8fc8ba010f7e49b2c9a1b8994d6de05650f8028b2c6dbb0db3e721ed53cdef_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:bc8fc8ba010f7e49b2c9a1b8994d6de05650f8028b2c6dbb0db3e721ed53cdef_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:bc8fc8ba010f7e49b2c9a1b8994d6de05650f8028b2c6dbb0db3e721ed53cdef_amd64",
"product_identification_helper": {
"purl": "pkg:oci/platform-operator-bundle@sha256%3Abc8fc8ba010f7e49b2c9a1b8994d6de05650f8028b2c6dbb0db3e721ed53cdef?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform\u0026tag=1774617799"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:0f8839e5aee29a659fc87dbe1974d52807b02232b12bfae0a9ee75f72f6822d8_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:0f8839e5aee29a659fc87dbe1974d52807b02232b12bfae0a9ee75f72f6822d8_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:0f8839e5aee29a659fc87dbe1974d52807b02232b12bfae0a9ee75f72f6822d8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/aap-must-gather-rhel8@sha256%3A0f8839e5aee29a659fc87dbe1974d52807b02232b12bfae0a9ee75f72f6822d8?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774398911"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8a3978970e82e80c57d44ef3187049eaf58b715460442363a239bf023db64791_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8a3978970e82e80c57d44ef3187049eaf58b715460442363a239bf023db64791_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8a3978970e82e80c57d44ef3187049eaf58b715460442363a239bf023db64791_amd64",
"product_identification_helper": {
"purl": "pkg:oci/platform-operator-bundle@sha256%3A8a3978970e82e80c57d44ef3187049eaf58b715460442363a239bf023db64791?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform\u0026tag=1774617957"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:c264a07ccc7020902897cc9420a76dc590431596fc74696b57e42c2cc658a3f7_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:c264a07ccc7020902897cc9420a76dc590431596fc74696b57e42c2cc658a3f7_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:c264a07ccc7020902897cc9420a76dc590431596fc74696b57e42c2cc658a3f7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-builder-rhel8@sha256%3Ac264a07ccc7020902897cc9420a76dc590431596fc74696b57e42c2cc658a3f7?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774401522"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:3aae092b74e73969f4328e406f804297e44130fea3232db3403db98463e42d9c_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:3aae092b74e73969f4328e406f804297e44130fea3232db3403db98463e42d9c_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:3aae092b74e73969f4328e406f804297e44130fea3232db3403db98463e42d9c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-dev-tools-rhel8@sha256%3A3aae092b74e73969f4328e406f804297e44130fea3232db3403db98463e42d9c?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774573155"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:3e61238b7400447dfd7999d053e7f701d7c84d62e4a0ef29950c39f3843fb467_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:3e61238b7400447dfd7999d053e7f701d7c84d62e4a0ef29950c39f3843fb467_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:3e61238b7400447dfd7999d053e7f701d7c84d62e4a0ef29950c39f3843fb467_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-chatbot-rhel8@sha256%3A3e61238b7400447dfd7999d053e7f701d7c84d62e4a0ef29950c39f3843fb467?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774414699"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:360d270a9167d79e297b050093209bcc9e0d854045b9ba116192073ce44c662c_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:360d270a9167d79e297b050093209bcc9e0d854045b9ba116192073ce44c662c_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:360d270a9167d79e297b050093209bcc9e0d854045b9ba116192073ce44c662c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-rhel8@sha256%3A360d270a9167d79e297b050093209bcc9e0d854045b9ba116192073ce44c662c?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774446874"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:433143f26cf3ebbc1e6492d8e6b96a0fe82dbb46a54859e9a10fef1e5f71842d_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:433143f26cf3ebbc1e6492d8e6b96a0fe82dbb46a54859e9a10fef1e5f71842d_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:433143f26cf3ebbc1e6492d8e6b96a0fe82dbb46a54859e9a10fef1e5f71842d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-rhel8-operator@sha256%3A433143f26cf3ebbc1e6492d8e6b96a0fe82dbb46a54859e9a10fef1e5f71842d?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774167211"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:8ee6e0938cc2189984009da95ebd6fb4f5946cf9e1f7ef7aae8d6f40dfc7ab36_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:8ee6e0938cc2189984009da95ebd6fb4f5946cf9e1f7ef7aae8d6f40dfc7ab36_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:8ee6e0938cc2189984009da95ebd6fb4f5946cf9e1f7ef7aae8d6f40dfc7ab36_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-python-base-rhel8@sha256%3A8ee6e0938cc2189984009da95ebd6fb4f5946cf9e1f7ef7aae8d6f40dfc7ab36?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774398095"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c25356366526086b2e85274793b8e9dadf1a04d35515087d4421c74bb9b4bacf_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c25356366526086b2e85274793b8e9dadf1a04d35515087d4421c74bb9b4bacf_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c25356366526086b2e85274793b8e9dadf1a04d35515087d4421c74bb9b4bacf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-python-toolkit-rhel8@sha256%3Ac25356366526086b2e85274793b8e9dadf1a04d35515087d4421c74bb9b4bacf?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774401376"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:783723cc28521153aef6aeaee7786f8bb87e01ef738b90b8b5fb2f2b2fb6c780_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:783723cc28521153aef6aeaee7786f8bb87e01ef738b90b8b5fb2f2b2fb6c780_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:783723cc28521153aef6aeaee7786f8bb87e01ef738b90b8b5fb2f2b2fb6c780_amd64",
"product_identification_helper": {
"purl": "pkg:oci/controller-rhel8@sha256%3A783723cc28521153aef6aeaee7786f8bb87e01ef738b90b8b5fb2f2b2fb6c780?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774401023"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:6d0a4b9c41713e592707a1b93d48f197977bf9eb05aa5e87a083976720061cbb_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:6d0a4b9c41713e592707a1b93d48f197977bf9eb05aa5e87a083976720061cbb_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:6d0a4b9c41713e592707a1b93d48f197977bf9eb05aa5e87a083976720061cbb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/controller-rhel8-operator@sha256%3A6d0a4b9c41713e592707a1b93d48f197977bf9eb05aa5e87a083976720061cbb?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774167244"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:9cda51df51a24542cd1cd9cd4c072389340d0e678d82236d38c64568cf5d552d_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:9cda51df51a24542cd1cd9cd4c072389340d0e678d82236d38c64568cf5d552d_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:9cda51df51a24542cd1cd9cd4c072389340d0e678d82236d38c64568cf5d552d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-rhel8@sha256%3A9cda51df51a24542cd1cd9cd4c072389340d0e678d82236d38c64568cf5d552d?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774399338"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:3838ae2045ed11b4bfe2c86675a5bebe4f51971d30322af3721969e3e2fca06f_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:3838ae2045ed11b4bfe2c86675a5bebe4f51971d30322af3721969e3e2fca06f_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:3838ae2045ed11b4bfe2c86675a5bebe4f51971d30322af3721969e3e2fca06f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-rhel8-operator@sha256%3A3838ae2045ed11b4bfe2c86675a5bebe4f51971d30322af3721969e3e2fca06f?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774167149"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:3b3a79cebad3f9230b476752c3a6dc29b3d5179d0a3fcf90707eaf14da11ae84_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:3b3a79cebad3f9230b476752c3a6dc29b3d5179d0a3fcf90707eaf14da11ae84_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:3b3a79cebad3f9230b476752c3a6dc29b3d5179d0a3fcf90707eaf14da11ae84_amd64",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-ui-rhel8@sha256%3A3b3a79cebad3f9230b476752c3a6dc29b3d5179d0a3fcf90707eaf14da11ae84?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774484106"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:9b3fd70beaca874656c8e051fa6b3f04b8cbc99e61278a953832637c8c0fb18a_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:9b3fd70beaca874656c8e051fa6b3f04b8cbc99e61278a953832637c8c0fb18a_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:9b3fd70beaca874656c8e051fa6b3f04b8cbc99e61278a953832637c8c0fb18a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gateway-rhel8@sha256%3A9b3fd70beaca874656c8e051fa6b3f04b8cbc99e61278a953832637c8c0fb18a?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774352226"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:47315b849e1e70f6240f310ed5b6d402f6512973bd94bb70d9138d03b790b1a8_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:47315b849e1e70f6240f310ed5b6d402f6512973bd94bb70d9138d03b790b1a8_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:47315b849e1e70f6240f310ed5b6d402f6512973bd94bb70d9138d03b790b1a8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gateway-rhel8-operator@sha256%3A47315b849e1e70f6240f310ed5b6d402f6512973bd94bb70d9138d03b790b1a8?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774167258"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:049878acbb0f6297eae90180b88b011d00e954285d3197e2c19bc17e82f67523_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:049878acbb0f6297eae90180b88b011d00e954285d3197e2c19bc17e82f67523_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:049878acbb0f6297eae90180b88b011d00e954285d3197e2c19bc17e82f67523_amd64",
"product_identification_helper": {
"purl": "pkg:oci/gateway-proxy-rhel8@sha256%3A049878acbb0f6297eae90180b88b011d00e954285d3197e2c19bc17e82f67523?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774399567"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:f1abc733921423176ccd6bc3b31093c151b84bdfa9a82b1f640a540edbfbf358_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:f1abc733921423176ccd6bc3b31093c151b84bdfa9a82b1f640a540edbfbf358_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:f1abc733921423176ccd6bc3b31093c151b84bdfa9a82b1f640a540edbfbf358_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hub-rhel8@sha256%3Af1abc733921423176ccd6bc3b31093c151b84bdfa9a82b1f640a540edbfbf358?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774587114"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:d55d0744741b5fcd00107cc2a443dec11696a5daa453a4d992f1e15c3f4708b2_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:d55d0744741b5fcd00107cc2a443dec11696a5daa453a4d992f1e15c3f4708b2_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:d55d0744741b5fcd00107cc2a443dec11696a5daa453a4d992f1e15c3f4708b2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hub-rhel8-operator@sha256%3Ad55d0744741b5fcd00107cc2a443dec11696a5daa453a4d992f1e15c3f4708b2?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774167254"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:e474929fa188b73d80eee028cd51e54f07157e587071cf60109f4398ea4dce30_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:e474929fa188b73d80eee028cd51e54f07157e587071cf60109f4398ea4dce30_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:e474929fa188b73d80eee028cd51e54f07157e587071cf60109f4398ea4dce30_amd64",
"product_identification_helper": {
"purl": "pkg:oci/hub-web-rhel8@sha256%3Ae474929fa188b73d80eee028cd51e54f07157e587071cf60109f4398ea4dce30?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774589220"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:85c083ae0b2493347cbf1e5885ad56335b1799e545f136118cfe597f39f3df6e_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:85c083ae0b2493347cbf1e5885ad56335b1799e545f136118cfe597f39f3df6e_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:85c083ae0b2493347cbf1e5885ad56335b1799e545f136118cfe597f39f3df6e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/de-minimal-rhel8@sha256%3A85c083ae0b2493347cbf1e5885ad56335b1799e545f136118cfe597f39f3df6e?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774405413"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:1fcab1dccdd7ab7976ac0a57fad193d9411aecdc82cc24752378589978ab3c83_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:1fcab1dccdd7ab7976ac0a57fad193d9411aecdc82cc24752378589978ab3c83_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:1fcab1dccdd7ab7976ac0a57fad193d9411aecdc82cc24752378589978ab3c83_amd64",
"product_identification_helper": {
"purl": "pkg:oci/de-supported-rhel8@sha256%3A1fcab1dccdd7ab7976ac0a57fad193d9411aecdc82cc24752378589978ab3c83?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774409723"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:bde426912de4c15616e3b71408f4760fd12172dc97ce15d5511d0094784643eb_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:bde426912de4c15616e3b71408f4760fd12172dc97ce15d5511d0094784643eb_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:bde426912de4c15616e3b71408f4760fd12172dc97ce15d5511d0094784643eb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ee-minimal-rhel8@sha256%3Abde426912de4c15616e3b71408f4760fd12172dc97ce15d5511d0094784643eb?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774404039"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:e8c26f06cca6450dc68a6160a6d1ababdf0992ed9000f27dea5177b813671653_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:e8c26f06cca6450dc68a6160a6d1ababdf0992ed9000f27dea5177b813671653_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:e8c26f06cca6450dc68a6160a6d1ababdf0992ed9000f27dea5177b813671653_amd64",
"product_identification_helper": {
"purl": "pkg:oci/ee-supported-rhel8@sha256%3Ae8c26f06cca6450dc68a6160a6d1ababdf0992ed9000f27dea5177b813671653?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774446347"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:e0c6a368dc6da0906c102aa3587b297e7fe4d4072b5b019a2f3e1a0d54c8053b_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:e0c6a368dc6da0906c102aa3587b297e7fe4d4072b5b019a2f3e1a0d54c8053b_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:e0c6a368dc6da0906c102aa3587b297e7fe4d4072b5b019a2f3e1a0d54c8053b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/platform-resource-rhel8-operator@sha256%3Ae0c6a368dc6da0906c102aa3587b297e7fe4d4072b5b019a2f3e1a0d54c8053b?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774167608"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:5596feea40bd5eaf4e97a7eb33c4e7069e802fc921e1fa5fd65b7db9ff99637f_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:5596feea40bd5eaf4e97a7eb33c4e7069e802fc921e1fa5fd65b7db9ff99637f_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:5596feea40bd5eaf4e97a7eb33c4e7069e802fc921e1fa5fd65b7db9ff99637f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/platform-resource-runner-rhel8@sha256%3A5596feea40bd5eaf4e97a7eb33c4e7069e802fc921e1fa5fd65b7db9ff99637f?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774449833"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:b8ad28fb112c9f076499050ed7f27e1fce701bbc9cf3c1835c113a6a0bd9e915_amd64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:b8ad28fb112c9f076499050ed7f27e1fce701bbc9cf3c1835c113a6a0bd9e915_amd64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:b8ad28fb112c9f076499050ed7f27e1fce701bbc9cf3c1835c113a6a0bd9e915_amd64",
"product_identification_helper": {
"purl": "pkg:oci/receptor-rhel8@sha256%3Ab8ad28fb112c9f076499050ed7f27e1fce701bbc9cf3c1835c113a6a0bd9e915?arch=amd64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774399119"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:cbed194c572c59551a2b73e61d8c3821df77d5a9ca7d2275062c439996a24eb4_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:cbed194c572c59551a2b73e61d8c3821df77d5a9ca7d2275062c439996a24eb4_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:cbed194c572c59551a2b73e61d8c3821df77d5a9ca7d2275062c439996a24eb4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/aap-must-gather-rhel8@sha256%3Acbed194c572c59551a2b73e61d8c3821df77d5a9ca7d2275062c439996a24eb4?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774398911"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:6fd7c632b981a1b0593c6af234c4b40d1046eabebe41ce29f75e1e010e92226a_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:6fd7c632b981a1b0593c6af234c4b40d1046eabebe41ce29f75e1e010e92226a_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:6fd7c632b981a1b0593c6af234c4b40d1046eabebe41ce29f75e1e010e92226a_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-builder-rhel8@sha256%3A6fd7c632b981a1b0593c6af234c4b40d1046eabebe41ce29f75e1e010e92226a?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774401522"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:b77247eccd37c9bc29631142605c6fab3af9d23ebf82b43f049664e44193d377_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:b77247eccd37c9bc29631142605c6fab3af9d23ebf82b43f049664e44193d377_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:b77247eccd37c9bc29631142605c6fab3af9d23ebf82b43f049664e44193d377_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-dev-tools-rhel8@sha256%3Ab77247eccd37c9bc29631142605c6fab3af9d23ebf82b43f049664e44193d377?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774573155"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:9bbe1c621a8ee4c960e945c0f1a57c89654314435ea00083abbeb390991c62bb_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:9bbe1c621a8ee4c960e945c0f1a57c89654314435ea00083abbeb390991c62bb_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:9bbe1c621a8ee4c960e945c0f1a57c89654314435ea00083abbeb390991c62bb_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-chatbot-rhel8@sha256%3A9bbe1c621a8ee4c960e945c0f1a57c89654314435ea00083abbeb390991c62bb?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774414699"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:7d75c8ac498141ba26b4a927dbc4b4426a566da5ba09d4e0017fbf715bd05b27_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:7d75c8ac498141ba26b4a927dbc4b4426a566da5ba09d4e0017fbf715bd05b27_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:7d75c8ac498141ba26b4a927dbc4b4426a566da5ba09d4e0017fbf715bd05b27_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-rhel8@sha256%3A7d75c8ac498141ba26b4a927dbc4b4426a566da5ba09d4e0017fbf715bd05b27?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774446874"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:c7b4a67cf4b2a1fece30e67d57c67d850d6f9866cf6fc39206b4ca09956e4deb_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:c7b4a67cf4b2a1fece30e67d57c67d850d6f9866cf6fc39206b4ca09956e4deb_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:c7b4a67cf4b2a1fece30e67d57c67d850d6f9866cf6fc39206b4ca09956e4deb_arm64",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-rhel8-operator@sha256%3Ac7b4a67cf4b2a1fece30e67d57c67d850d6f9866cf6fc39206b4ca09956e4deb?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774167211"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:90d90e31d0afe833778743baf4eb3527402a65c30fdcce149ff8d4820faa3781_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:90d90e31d0afe833778743baf4eb3527402a65c30fdcce149ff8d4820faa3781_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:90d90e31d0afe833778743baf4eb3527402a65c30fdcce149ff8d4820faa3781_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-python-base-rhel8@sha256%3A90d90e31d0afe833778743baf4eb3527402a65c30fdcce149ff8d4820faa3781?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774398095"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c5923a2649845cc20cdc2d015442d8007e9e0f77522d652d8af389437681c4ed_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c5923a2649845cc20cdc2d015442d8007e9e0f77522d652d8af389437681c4ed_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c5923a2649845cc20cdc2d015442d8007e9e0f77522d652d8af389437681c4ed_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ansible-python-toolkit-rhel8@sha256%3Ac5923a2649845cc20cdc2d015442d8007e9e0f77522d652d8af389437681c4ed?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774401376"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:6ec99dbde70c05dc5fbd64f81779f75ca8a131c0d3865f1be318a4cd8152ed33_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:6ec99dbde70c05dc5fbd64f81779f75ca8a131c0d3865f1be318a4cd8152ed33_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:6ec99dbde70c05dc5fbd64f81779f75ca8a131c0d3865f1be318a4cd8152ed33_arm64",
"product_identification_helper": {
"purl": "pkg:oci/controller-rhel8@sha256%3A6ec99dbde70c05dc5fbd64f81779f75ca8a131c0d3865f1be318a4cd8152ed33?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774401023"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:0d79e8c5f3f36c290006c0adbe7c14f57bad10566017f005ae4073905b170136_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:0d79e8c5f3f36c290006c0adbe7c14f57bad10566017f005ae4073905b170136_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:0d79e8c5f3f36c290006c0adbe7c14f57bad10566017f005ae4073905b170136_arm64",
"product_identification_helper": {
"purl": "pkg:oci/controller-rhel8-operator@sha256%3A0d79e8c5f3f36c290006c0adbe7c14f57bad10566017f005ae4073905b170136?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774167244"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:268a35d7a2bb13547826ec27291d5b48b2abe1d530b49a6085fcdde9410b61f8_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:268a35d7a2bb13547826ec27291d5b48b2abe1d530b49a6085fcdde9410b61f8_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:268a35d7a2bb13547826ec27291d5b48b2abe1d530b49a6085fcdde9410b61f8_arm64",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-rhel8@sha256%3A268a35d7a2bb13547826ec27291d5b48b2abe1d530b49a6085fcdde9410b61f8?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774399338"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a592586194e5234cfcc2d783f876713771ac489c530205e87053a60b1dd90e04_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a592586194e5234cfcc2d783f876713771ac489c530205e87053a60b1dd90e04_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a592586194e5234cfcc2d783f876713771ac489c530205e87053a60b1dd90e04_arm64",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-rhel8-operator@sha256%3Aa592586194e5234cfcc2d783f876713771ac489c530205e87053a60b1dd90e04?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774167149"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:17c4c5a579c802fc9a4ee935ad723f65c63aa63ce3b5e4a91705c12ec59feca6_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:17c4c5a579c802fc9a4ee935ad723f65c63aa63ce3b5e4a91705c12ec59feca6_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:17c4c5a579c802fc9a4ee935ad723f65c63aa63ce3b5e4a91705c12ec59feca6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-ui-rhel8@sha256%3A17c4c5a579c802fc9a4ee935ad723f65c63aa63ce3b5e4a91705c12ec59feca6?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774484106"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:78bb5cce2e05156b39a961747174a819c945298fb2f444ef321de6f2bbd5ac5b_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:78bb5cce2e05156b39a961747174a819c945298fb2f444ef321de6f2bbd5ac5b_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:78bb5cce2e05156b39a961747174a819c945298fb2f444ef321de6f2bbd5ac5b_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gateway-rhel8@sha256%3A78bb5cce2e05156b39a961747174a819c945298fb2f444ef321de6f2bbd5ac5b?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774352226"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:8b63224e8726db24bf51a5456ef9ede17299e1d920d57a66c49be8a03d3485ed_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:8b63224e8726db24bf51a5456ef9ede17299e1d920d57a66c49be8a03d3485ed_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:8b63224e8726db24bf51a5456ef9ede17299e1d920d57a66c49be8a03d3485ed_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gateway-rhel8-operator@sha256%3A8b63224e8726db24bf51a5456ef9ede17299e1d920d57a66c49be8a03d3485ed?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774167258"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:c41ad877f30bc37bd9fe8422c410da12159b8fba7ab9ed0fd174e0d30a1ed125_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:c41ad877f30bc37bd9fe8422c410da12159b8fba7ab9ed0fd174e0d30a1ed125_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:c41ad877f30bc37bd9fe8422c410da12159b8fba7ab9ed0fd174e0d30a1ed125_arm64",
"product_identification_helper": {
"purl": "pkg:oci/gateway-proxy-rhel8@sha256%3Ac41ad877f30bc37bd9fe8422c410da12159b8fba7ab9ed0fd174e0d30a1ed125?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774399567"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:c8fd574a2ddb034be88d78b49ae22de5fea68679c0a9f1f3e24583ef118fb532_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:c8fd574a2ddb034be88d78b49ae22de5fea68679c0a9f1f3e24583ef118fb532_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:c8fd574a2ddb034be88d78b49ae22de5fea68679c0a9f1f3e24583ef118fb532_arm64",
"product_identification_helper": {
"purl": "pkg:oci/hub-rhel8@sha256%3Ac8fd574a2ddb034be88d78b49ae22de5fea68679c0a9f1f3e24583ef118fb532?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774587114"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:bac6445179c1c27314e958b41b3d67b1d34dcb05ac9a360a8fe297ab631d64f7_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:bac6445179c1c27314e958b41b3d67b1d34dcb05ac9a360a8fe297ab631d64f7_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:bac6445179c1c27314e958b41b3d67b1d34dcb05ac9a360a8fe297ab631d64f7_arm64",
"product_identification_helper": {
"purl": "pkg:oci/hub-rhel8-operator@sha256%3Abac6445179c1c27314e958b41b3d67b1d34dcb05ac9a360a8fe297ab631d64f7?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774167254"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:6481c675623cee9bcabd4a1c3a04d169c46e103c944af5ef69a75fc9bd69dfb8_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:6481c675623cee9bcabd4a1c3a04d169c46e103c944af5ef69a75fc9bd69dfb8_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:6481c675623cee9bcabd4a1c3a04d169c46e103c944af5ef69a75fc9bd69dfb8_arm64",
"product_identification_helper": {
"purl": "pkg:oci/hub-web-rhel8@sha256%3A6481c675623cee9bcabd4a1c3a04d169c46e103c944af5ef69a75fc9bd69dfb8?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774589220"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:7188e3f507cdaa346ed930c158379a67104dbdc74535a2b5a541cea60c03a123_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:7188e3f507cdaa346ed930c158379a67104dbdc74535a2b5a541cea60c03a123_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:7188e3f507cdaa346ed930c158379a67104dbdc74535a2b5a541cea60c03a123_arm64",
"product_identification_helper": {
"purl": "pkg:oci/de-minimal-rhel8@sha256%3A7188e3f507cdaa346ed930c158379a67104dbdc74535a2b5a541cea60c03a123?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774405413"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:ac48a386cf9175fa667538475607d8d7444e2d21e77bea8ce8d3bf291c59d4a0_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:ac48a386cf9175fa667538475607d8d7444e2d21e77bea8ce8d3bf291c59d4a0_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:ac48a386cf9175fa667538475607d8d7444e2d21e77bea8ce8d3bf291c59d4a0_arm64",
"product_identification_helper": {
"purl": "pkg:oci/de-supported-rhel8@sha256%3Aac48a386cf9175fa667538475607d8d7444e2d21e77bea8ce8d3bf291c59d4a0?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774409723"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:1254e449d313f5f663d056097b9cddbcd7fce91c7a6448b1d4f57c622d9556b3_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:1254e449d313f5f663d056097b9cddbcd7fce91c7a6448b1d4f57c622d9556b3_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:1254e449d313f5f663d056097b9cddbcd7fce91c7a6448b1d4f57c622d9556b3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ee-minimal-rhel8@sha256%3A1254e449d313f5f663d056097b9cddbcd7fce91c7a6448b1d4f57c622d9556b3?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774404039"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:eab05f26b14dd06d7e4f5580a873d8bdb18317abf1e82300da089cba5129bdb4_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:eab05f26b14dd06d7e4f5580a873d8bdb18317abf1e82300da089cba5129bdb4_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:eab05f26b14dd06d7e4f5580a873d8bdb18317abf1e82300da089cba5129bdb4_arm64",
"product_identification_helper": {
"purl": "pkg:oci/ee-supported-rhel8@sha256%3Aeab05f26b14dd06d7e4f5580a873d8bdb18317abf1e82300da089cba5129bdb4?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774446347"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:7686b10f4f4091c5e56ce58c6c12f6cff0b7d5fd526fd606e92abf75eb6b13c2_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:7686b10f4f4091c5e56ce58c6c12f6cff0b7d5fd526fd606e92abf75eb6b13c2_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:7686b10f4f4091c5e56ce58c6c12f6cff0b7d5fd526fd606e92abf75eb6b13c2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/platform-resource-rhel8-operator@sha256%3A7686b10f4f4091c5e56ce58c6c12f6cff0b7d5fd526fd606e92abf75eb6b13c2?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774167608"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:ce70350c29cfb97ebfa8f0782b6c193c1693704cc184c039329df915aeeaaaa2_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:ce70350c29cfb97ebfa8f0782b6c193c1693704cc184c039329df915aeeaaaa2_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:ce70350c29cfb97ebfa8f0782b6c193c1693704cc184c039329df915aeeaaaa2_arm64",
"product_identification_helper": {
"purl": "pkg:oci/platform-resource-runner-rhel8@sha256%3Ace70350c29cfb97ebfa8f0782b6c193c1693704cc184c039329df915aeeaaaa2?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774449833"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:05a079835148d3cb9357e0c911ba78646748c4373b4f39cb995fc6f6a1d35315_arm64",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:05a079835148d3cb9357e0c911ba78646748c4373b4f39cb995fc6f6a1d35315_arm64",
"product_id": "registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:05a079835148d3cb9357e0c911ba78646748c4373b4f39cb995fc6f6a1d35315_arm64",
"product_identification_helper": {
"purl": "pkg:oci/receptor-rhel8@sha256%3A05a079835148d3cb9357e0c911ba78646748c4373b4f39cb995fc6f6a1d35315?arch=arm64\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774399119"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:f501719d54fc49e168385702bb0e1d8432b65f129a56a8fe184557a715956196_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:f501719d54fc49e168385702bb0e1d8432b65f129a56a8fe184557a715956196_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:f501719d54fc49e168385702bb0e1d8432b65f129a56a8fe184557a715956196_s390x",
"product_identification_helper": {
"purl": "pkg:oci/aap-must-gather-rhel8@sha256%3Af501719d54fc49e168385702bb0e1d8432b65f129a56a8fe184557a715956196?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774398911"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:de9acb254c64d4b5f060867ac81c3c7b92da197bd62914705f47f81c719000f9_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:de9acb254c64d4b5f060867ac81c3c7b92da197bd62914705f47f81c719000f9_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:de9acb254c64d4b5f060867ac81c3c7b92da197bd62914705f47f81c719000f9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ansible-builder-rhel8@sha256%3Ade9acb254c64d4b5f060867ac81c3c7b92da197bd62914705f47f81c719000f9?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774401522"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:299e584db6227b51630ff777864b19113e8a1ea8100aa5c1bde092f730f35911_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:299e584db6227b51630ff777864b19113e8a1ea8100aa5c1bde092f730f35911_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:299e584db6227b51630ff777864b19113e8a1ea8100aa5c1bde092f730f35911_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ansible-dev-tools-rhel8@sha256%3A299e584db6227b51630ff777864b19113e8a1ea8100aa5c1bde092f730f35911?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774573155"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:c3451ed3202ea6b8328f1cacd4fe0205df1fa0d3eec3a960873ec493e9d49d67_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:c3451ed3202ea6b8328f1cacd4fe0205df1fa0d3eec3a960873ec493e9d49d67_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:c3451ed3202ea6b8328f1cacd4fe0205df1fa0d3eec3a960873ec493e9d49d67_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-chatbot-rhel8@sha256%3Ac3451ed3202ea6b8328f1cacd4fe0205df1fa0d3eec3a960873ec493e9d49d67?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774414699"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:0682e9e4bc9ad2b2b564fa2fa8b022e46729b27e26ec7b14ed2f1fae3e52a0d1_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:0682e9e4bc9ad2b2b564fa2fa8b022e46729b27e26ec7b14ed2f1fae3e52a0d1_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:0682e9e4bc9ad2b2b564fa2fa8b022e46729b27e26ec7b14ed2f1fae3e52a0d1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-rhel8@sha256%3A0682e9e4bc9ad2b2b564fa2fa8b022e46729b27e26ec7b14ed2f1fae3e52a0d1?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774446874"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:3cbb5b8c06d7911476e411419ff88a02126e0a6f4f514247e112afc9f939c80f_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:3cbb5b8c06d7911476e411419ff88a02126e0a6f4f514247e112afc9f939c80f_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:3cbb5b8c06d7911476e411419ff88a02126e0a6f4f514247e112afc9f939c80f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-rhel8-operator@sha256%3A3cbb5b8c06d7911476e411419ff88a02126e0a6f4f514247e112afc9f939c80f?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774167211"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:009336407c386ffb1f5f1bdb7a38256e73b8b2ec97036f8ab84e7293f517ef8e_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:009336407c386ffb1f5f1bdb7a38256e73b8b2ec97036f8ab84e7293f517ef8e_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:009336407c386ffb1f5f1bdb7a38256e73b8b2ec97036f8ab84e7293f517ef8e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ansible-python-base-rhel8@sha256%3A009336407c386ffb1f5f1bdb7a38256e73b8b2ec97036f8ab84e7293f517ef8e?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774398095"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:d91f808a230d11c3b998cbd703fd8fd043188164f61962b5518cda91ad19712b_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:d91f808a230d11c3b998cbd703fd8fd043188164f61962b5518cda91ad19712b_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:d91f808a230d11c3b998cbd703fd8fd043188164f61962b5518cda91ad19712b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ansible-python-toolkit-rhel8@sha256%3Ad91f808a230d11c3b998cbd703fd8fd043188164f61962b5518cda91ad19712b?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774401376"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:7c13d95770002e16dbd5dc86ea82f6fc5e70828582b928d9e3388ecded90b67a_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:7c13d95770002e16dbd5dc86ea82f6fc5e70828582b928d9e3388ecded90b67a_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:7c13d95770002e16dbd5dc86ea82f6fc5e70828582b928d9e3388ecded90b67a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/controller-rhel8@sha256%3A7c13d95770002e16dbd5dc86ea82f6fc5e70828582b928d9e3388ecded90b67a?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774401023"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:c6d21fc02716334ab7f6c48ba7d102965d197209c5a9fd3b41a6ea65b5da0055_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:c6d21fc02716334ab7f6c48ba7d102965d197209c5a9fd3b41a6ea65b5da0055_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:c6d21fc02716334ab7f6c48ba7d102965d197209c5a9fd3b41a6ea65b5da0055_s390x",
"product_identification_helper": {
"purl": "pkg:oci/controller-rhel8-operator@sha256%3Ac6d21fc02716334ab7f6c48ba7d102965d197209c5a9fd3b41a6ea65b5da0055?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774167244"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:fe9512b0361734dcaa41b19c4f02b36ec45896ff911dd44a9e821fdd60d30374_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:fe9512b0361734dcaa41b19c4f02b36ec45896ff911dd44a9e821fdd60d30374_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:fe9512b0361734dcaa41b19c4f02b36ec45896ff911dd44a9e821fdd60d30374_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-rhel8@sha256%3Afe9512b0361734dcaa41b19c4f02b36ec45896ff911dd44a9e821fdd60d30374?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774399338"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:0e5a121065f55cb7381d74794dd44b02a564195bca3bdfd9d9a10905fd0995a6_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:0e5a121065f55cb7381d74794dd44b02a564195bca3bdfd9d9a10905fd0995a6_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:0e5a121065f55cb7381d74794dd44b02a564195bca3bdfd9d9a10905fd0995a6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-rhel8-operator@sha256%3A0e5a121065f55cb7381d74794dd44b02a564195bca3bdfd9d9a10905fd0995a6?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774167149"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:a28642cbd593dcdd8673c4bdac30da6eafba29e8abc4ddeaa12369177b5052c7_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:a28642cbd593dcdd8673c4bdac30da6eafba29e8abc4ddeaa12369177b5052c7_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:a28642cbd593dcdd8673c4bdac30da6eafba29e8abc4ddeaa12369177b5052c7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-ui-rhel8@sha256%3Aa28642cbd593dcdd8673c4bdac30da6eafba29e8abc4ddeaa12369177b5052c7?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774484106"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:116d10699e27737b256b1ccd035c65334696553d107c1002eb85be69aec4c65a_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:116d10699e27737b256b1ccd035c65334696553d107c1002eb85be69aec4c65a_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:116d10699e27737b256b1ccd035c65334696553d107c1002eb85be69aec4c65a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gateway-rhel8@sha256%3A116d10699e27737b256b1ccd035c65334696553d107c1002eb85be69aec4c65a?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774352226"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:9a20dbc471286e91b2687c22b692a335b287f8eaba817c0f4b6c31b42a669b94_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:9a20dbc471286e91b2687c22b692a335b287f8eaba817c0f4b6c31b42a669b94_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:9a20dbc471286e91b2687c22b692a335b287f8eaba817c0f4b6c31b42a669b94_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gateway-rhel8-operator@sha256%3A9a20dbc471286e91b2687c22b692a335b287f8eaba817c0f4b6c31b42a669b94?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774167258"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:b829b37753a3d14aebf4d114973f843dfc6e4706cf2375408bab8950ab15d2ff_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:b829b37753a3d14aebf4d114973f843dfc6e4706cf2375408bab8950ab15d2ff_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:b829b37753a3d14aebf4d114973f843dfc6e4706cf2375408bab8950ab15d2ff_s390x",
"product_identification_helper": {
"purl": "pkg:oci/gateway-proxy-rhel8@sha256%3Ab829b37753a3d14aebf4d114973f843dfc6e4706cf2375408bab8950ab15d2ff?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774399567"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1074bbb8a68b75e8c8635bc622bf059cf0ae5bf582d48af31eca9bfc4f4787e8_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1074bbb8a68b75e8c8635bc622bf059cf0ae5bf582d48af31eca9bfc4f4787e8_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1074bbb8a68b75e8c8635bc622bf059cf0ae5bf582d48af31eca9bfc4f4787e8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/hub-rhel8@sha256%3A1074bbb8a68b75e8c8635bc622bf059cf0ae5bf582d48af31eca9bfc4f4787e8?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774587114"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:dec36413a14d42948aa73339aaba4e5b22f38ddc364436c66ab9d1a8aac465b3_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:dec36413a14d42948aa73339aaba4e5b22f38ddc364436c66ab9d1a8aac465b3_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:dec36413a14d42948aa73339aaba4e5b22f38ddc364436c66ab9d1a8aac465b3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/hub-rhel8-operator@sha256%3Adec36413a14d42948aa73339aaba4e5b22f38ddc364436c66ab9d1a8aac465b3?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774167254"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:0bdf70b361111ad28cc4c5a38a52fb7557a7256c45d31b9c187fba4213c1080d_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:0bdf70b361111ad28cc4c5a38a52fb7557a7256c45d31b9c187fba4213c1080d_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:0bdf70b361111ad28cc4c5a38a52fb7557a7256c45d31b9c187fba4213c1080d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/hub-web-rhel8@sha256%3A0bdf70b361111ad28cc4c5a38a52fb7557a7256c45d31b9c187fba4213c1080d?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774589220"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:c5079720f6ea2ab7fb6b1acc6fa0c3c5087d91507c2fb21bb5b4ebc57953b4cf_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:c5079720f6ea2ab7fb6b1acc6fa0c3c5087d91507c2fb21bb5b4ebc57953b4cf_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:c5079720f6ea2ab7fb6b1acc6fa0c3c5087d91507c2fb21bb5b4ebc57953b4cf_s390x",
"product_identification_helper": {
"purl": "pkg:oci/de-minimal-rhel8@sha256%3Ac5079720f6ea2ab7fb6b1acc6fa0c3c5087d91507c2fb21bb5b4ebc57953b4cf?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774405413"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:21636d382f0a42b7d87d3b1f4ee53bf73e589bb549750d279ca21f96517d7a3d_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:21636d382f0a42b7d87d3b1f4ee53bf73e589bb549750d279ca21f96517d7a3d_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:21636d382f0a42b7d87d3b1f4ee53bf73e589bb549750d279ca21f96517d7a3d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/de-supported-rhel8@sha256%3A21636d382f0a42b7d87d3b1f4ee53bf73e589bb549750d279ca21f96517d7a3d?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774409723"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:8523ece411bf1842b9309abc7dea7067a26a0efd6cb0510449a6573df820a45c_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:8523ece411bf1842b9309abc7dea7067a26a0efd6cb0510449a6573df820a45c_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:8523ece411bf1842b9309abc7dea7067a26a0efd6cb0510449a6573df820a45c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ee-minimal-rhel8@sha256%3A8523ece411bf1842b9309abc7dea7067a26a0efd6cb0510449a6573df820a45c?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774404039"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:d6fe585bac62fd646127894dcb9bf55462daf60a22c8721ee44658fbdd3e99a6_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:d6fe585bac62fd646127894dcb9bf55462daf60a22c8721ee44658fbdd3e99a6_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:d6fe585bac62fd646127894dcb9bf55462daf60a22c8721ee44658fbdd3e99a6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/ee-supported-rhel8@sha256%3Ad6fe585bac62fd646127894dcb9bf55462daf60a22c8721ee44658fbdd3e99a6?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774446347"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:c20cc51275c70431b1e730ca48a82942c5385bba90aeb514e01fd3e142c158d0_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:c20cc51275c70431b1e730ca48a82942c5385bba90aeb514e01fd3e142c158d0_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:c20cc51275c70431b1e730ca48a82942c5385bba90aeb514e01fd3e142c158d0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/platform-resource-rhel8-operator@sha256%3Ac20cc51275c70431b1e730ca48a82942c5385bba90aeb514e01fd3e142c158d0?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774167608"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:f700beaf7b8466e958876ea71762439e9b7224f34f066a72e3454b7ab450e0cb_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:f700beaf7b8466e958876ea71762439e9b7224f34f066a72e3454b7ab450e0cb_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:f700beaf7b8466e958876ea71762439e9b7224f34f066a72e3454b7ab450e0cb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/platform-resource-runner-rhel8@sha256%3Af700beaf7b8466e958876ea71762439e9b7224f34f066a72e3454b7ab450e0cb?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774449833"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:43e267abfa4d52a2fb3677406ee8c7a44cb7ddecb94fe13b852546eb4a8c2b99_s390x",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:43e267abfa4d52a2fb3677406ee8c7a44cb7ddecb94fe13b852546eb4a8c2b99_s390x",
"product_id": "registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:43e267abfa4d52a2fb3677406ee8c7a44cb7ddecb94fe13b852546eb4a8c2b99_s390x",
"product_identification_helper": {
"purl": "pkg:oci/receptor-rhel8@sha256%3A43e267abfa4d52a2fb3677406ee8c7a44cb7ddecb94fe13b852546eb4a8c2b99?arch=s390x\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774399119"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:fe250f135f03aecf8489c1cee9721b9e48549e19d5a609a3d3284fe7d758a34d_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:fe250f135f03aecf8489c1cee9721b9e48549e19d5a609a3d3284fe7d758a34d_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:fe250f135f03aecf8489c1cee9721b9e48549e19d5a609a3d3284fe7d758a34d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/aap-must-gather-rhel8@sha256%3Afe250f135f03aecf8489c1cee9721b9e48549e19d5a609a3d3284fe7d758a34d?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774398911"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:b8d2a7da8627fa6a020330453c9fee31ba37a8eddd2d014fafa5bf3ed838fb5e_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:b8d2a7da8627fa6a020330453c9fee31ba37a8eddd2d014fafa5bf3ed838fb5e_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:b8d2a7da8627fa6a020330453c9fee31ba37a8eddd2d014fafa5bf3ed838fb5e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ansible-builder-rhel8@sha256%3Ab8d2a7da8627fa6a020330453c9fee31ba37a8eddd2d014fafa5bf3ed838fb5e?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774401522"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:f1eb81b968bdee5bbfa48e25718ac574bdda09c2acf726d9f058e0643585d59d_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:f1eb81b968bdee5bbfa48e25718ac574bdda09c2acf726d9f058e0643585d59d_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:f1eb81b968bdee5bbfa48e25718ac574bdda09c2acf726d9f058e0643585d59d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ansible-dev-tools-rhel8@sha256%3Af1eb81b968bdee5bbfa48e25718ac574bdda09c2acf726d9f058e0643585d59d?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774573155"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:2f9ec28f18893b516b9dadcce88a8efaa908e916305f7b802f250c2283c37cb5_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:2f9ec28f18893b516b9dadcce88a8efaa908e916305f7b802f250c2283c37cb5_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:2f9ec28f18893b516b9dadcce88a8efaa908e916305f7b802f250c2283c37cb5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-chatbot-rhel8@sha256%3A2f9ec28f18893b516b9dadcce88a8efaa908e916305f7b802f250c2283c37cb5?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774414699"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:2f25f26750ceac18fd9c059eb3f11cc400dc0160d9ca78eded86af360c81d201_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:2f25f26750ceac18fd9c059eb3f11cc400dc0160d9ca78eded86af360c81d201_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:2f25f26750ceac18fd9c059eb3f11cc400dc0160d9ca78eded86af360c81d201_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-rhel8@sha256%3A2f25f26750ceac18fd9c059eb3f11cc400dc0160d9ca78eded86af360c81d201?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774446874"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:f1d3f1a1c0396fa4f3b5496af6a6d2dfc231c8d8bc453774b2c4319bfd00b96e_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:f1d3f1a1c0396fa4f3b5496af6a6d2dfc231c8d8bc453774b2c4319bfd00b96e_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:f1d3f1a1c0396fa4f3b5496af6a6d2dfc231c8d8bc453774b2c4319bfd00b96e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/lightspeed-rhel8-operator@sha256%3Af1d3f1a1c0396fa4f3b5496af6a6d2dfc231c8d8bc453774b2c4319bfd00b96e?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774167211"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:82e4da659d4bbf036bafee5f598602ec32b7b5f8d3d595287dcf418288bf2147_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:82e4da659d4bbf036bafee5f598602ec32b7b5f8d3d595287dcf418288bf2147_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:82e4da659d4bbf036bafee5f598602ec32b7b5f8d3d595287dcf418288bf2147_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ansible-python-base-rhel8@sha256%3A82e4da659d4bbf036bafee5f598602ec32b7b5f8d3d595287dcf418288bf2147?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774398095"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:34bfde79221d2f824177f72d68a877b63bfe88b1f0562741a2dc212f83cb4e62_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:34bfde79221d2f824177f72d68a877b63bfe88b1f0562741a2dc212f83cb4e62_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:34bfde79221d2f824177f72d68a877b63bfe88b1f0562741a2dc212f83cb4e62_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ansible-python-toolkit-rhel8@sha256%3A34bfde79221d2f824177f72d68a877b63bfe88b1f0562741a2dc212f83cb4e62?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774401376"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:48f4971662ddb841e25bb610f72ef5f37eddf482b117786595d80d0931448236_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:48f4971662ddb841e25bb610f72ef5f37eddf482b117786595d80d0931448236_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:48f4971662ddb841e25bb610f72ef5f37eddf482b117786595d80d0931448236_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/controller-rhel8@sha256%3A48f4971662ddb841e25bb610f72ef5f37eddf482b117786595d80d0931448236?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774401023"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:57bf7919da3de08961e4c151b08dab1c756353a4040d0dd66feb72fcfe1cc8ce_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:57bf7919da3de08961e4c151b08dab1c756353a4040d0dd66feb72fcfe1cc8ce_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:57bf7919da3de08961e4c151b08dab1c756353a4040d0dd66feb72fcfe1cc8ce_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/controller-rhel8-operator@sha256%3A57bf7919da3de08961e4c151b08dab1c756353a4040d0dd66feb72fcfe1cc8ce?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774167244"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:985cf2d3da53a542a87d98e4b698f53cf9b99e1a09e86b206f42c96833c2b35c_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:985cf2d3da53a542a87d98e4b698f53cf9b99e1a09e86b206f42c96833c2b35c_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:985cf2d3da53a542a87d98e4b698f53cf9b99e1a09e86b206f42c96833c2b35c_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-rhel8@sha256%3A985cf2d3da53a542a87d98e4b698f53cf9b99e1a09e86b206f42c96833c2b35c?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774399338"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a23c10d8ea852924e8c89a80cb561b2ed9dbacb13257401181b9b13ddf6786ee_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a23c10d8ea852924e8c89a80cb561b2ed9dbacb13257401181b9b13ddf6786ee_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a23c10d8ea852924e8c89a80cb561b2ed9dbacb13257401181b9b13ddf6786ee_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-rhel8-operator@sha256%3Aa23c10d8ea852924e8c89a80cb561b2ed9dbacb13257401181b9b13ddf6786ee?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774167149"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:bd47ed866c9bee7c22e7fafcb959df87f64abdbea9f38603a377216f99be3b43_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:bd47ed866c9bee7c22e7fafcb959df87f64abdbea9f38603a377216f99be3b43_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:bd47ed866c9bee7c22e7fafcb959df87f64abdbea9f38603a377216f99be3b43_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/eda-controller-ui-rhel8@sha256%3Abd47ed866c9bee7c22e7fafcb959df87f64abdbea9f38603a377216f99be3b43?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774484106"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:0b65799b577e98beaa59b850028bbfc2d2b112465d1661cd6ab90fb0dd296695_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:0b65799b577e98beaa59b850028bbfc2d2b112465d1661cd6ab90fb0dd296695_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:0b65799b577e98beaa59b850028bbfc2d2b112465d1661cd6ab90fb0dd296695_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gateway-rhel8@sha256%3A0b65799b577e98beaa59b850028bbfc2d2b112465d1661cd6ab90fb0dd296695?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774352226"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:b104daa98ef64f2be52d0066ca490a98ef3380a4516038711972be8c01a16571_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:b104daa98ef64f2be52d0066ca490a98ef3380a4516038711972be8c01a16571_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:b104daa98ef64f2be52d0066ca490a98ef3380a4516038711972be8c01a16571_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gateway-rhel8-operator@sha256%3Ab104daa98ef64f2be52d0066ca490a98ef3380a4516038711972be8c01a16571?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774167258"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:6624a8e702ff2bc3f07b63a8fec42034c48b41bb187818fd4f2dd8a8f60766cb_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:6624a8e702ff2bc3f07b63a8fec42034c48b41bb187818fd4f2dd8a8f60766cb_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:6624a8e702ff2bc3f07b63a8fec42034c48b41bb187818fd4f2dd8a8f60766cb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/gateway-proxy-rhel8@sha256%3A6624a8e702ff2bc3f07b63a8fec42034c48b41bb187818fd4f2dd8a8f60766cb?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774399567"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1d1f1078e7a5d916a6df61d83b6c38512a4f1e6ca71d91212fd539aa3be4d8ed_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1d1f1078e7a5d916a6df61d83b6c38512a4f1e6ca71d91212fd539aa3be4d8ed_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1d1f1078e7a5d916a6df61d83b6c38512a4f1e6ca71d91212fd539aa3be4d8ed_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/hub-rhel8@sha256%3A1d1f1078e7a5d916a6df61d83b6c38512a4f1e6ca71d91212fd539aa3be4d8ed?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774587114"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:0997e7c2515f817d857c9c3dc157f7adec41553adfc3a22913bd65c90b1c9924_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:0997e7c2515f817d857c9c3dc157f7adec41553adfc3a22913bd65c90b1c9924_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:0997e7c2515f817d857c9c3dc157f7adec41553adfc3a22913bd65c90b1c9924_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/hub-rhel8-operator@sha256%3A0997e7c2515f817d857c9c3dc157f7adec41553adfc3a22913bd65c90b1c9924?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774167254"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:20537bc868859605ba1a227b8ffaa4523c03b67093e71e910d8cb3b8fbe0392d_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:20537bc868859605ba1a227b8ffaa4523c03b67093e71e910d8cb3b8fbe0392d_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:20537bc868859605ba1a227b8ffaa4523c03b67093e71e910d8cb3b8fbe0392d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/hub-web-rhel8@sha256%3A20537bc868859605ba1a227b8ffaa4523c03b67093e71e910d8cb3b8fbe0392d?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774589220"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:f250376b2a72ff2e0bd866bbd8142c5e071218351ad62c52cd7b7a6f3baab026_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:f250376b2a72ff2e0bd866bbd8142c5e071218351ad62c52cd7b7a6f3baab026_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:f250376b2a72ff2e0bd866bbd8142c5e071218351ad62c52cd7b7a6f3baab026_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/de-minimal-rhel8@sha256%3Af250376b2a72ff2e0bd866bbd8142c5e071218351ad62c52cd7b7a6f3baab026?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774405413"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:0a10e9afd9c3d555a36db84f938973f14fb099164b1ba5068f9e5a9cfec51f01_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:0a10e9afd9c3d555a36db84f938973f14fb099164b1ba5068f9e5a9cfec51f01_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:0a10e9afd9c3d555a36db84f938973f14fb099164b1ba5068f9e5a9cfec51f01_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/de-supported-rhel8@sha256%3A0a10e9afd9c3d555a36db84f938973f14fb099164b1ba5068f9e5a9cfec51f01?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774409723"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:c87feb6c292b8f95cc840237e3a498eaa3198447f11bb3dd652818e1128bf4a4_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:c87feb6c292b8f95cc840237e3a498eaa3198447f11bb3dd652818e1128bf4a4_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:c87feb6c292b8f95cc840237e3a498eaa3198447f11bb3dd652818e1128bf4a4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ee-minimal-rhel8@sha256%3Ac87feb6c292b8f95cc840237e3a498eaa3198447f11bb3dd652818e1128bf4a4?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774404039"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:6547c593ea515750150478d442e17f113fb76ec611f6d7c2ff62223e1742a083_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:6547c593ea515750150478d442e17f113fb76ec611f6d7c2ff62223e1742a083_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:6547c593ea515750150478d442e17f113fb76ec611f6d7c2ff62223e1742a083_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/ee-supported-rhel8@sha256%3A6547c593ea515750150478d442e17f113fb76ec611f6d7c2ff62223e1742a083?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774446347"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:df33172c1cb33952183c80ab0f86c5f414a5103b9eb0757f744103678a6992ff_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:df33172c1cb33952183c80ab0f86c5f414a5103b9eb0757f744103678a6992ff_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:df33172c1cb33952183c80ab0f86c5f414a5103b9eb0757f744103678a6992ff_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/platform-resource-rhel8-operator@sha256%3Adf33172c1cb33952183c80ab0f86c5f414a5103b9eb0757f744103678a6992ff?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774167608"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:b4bf1128add34cd02dbb769b2445af2491cb1fe3b23d8aaecdff3044ecb889be_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:b4bf1128add34cd02dbb769b2445af2491cb1fe3b23d8aaecdff3044ecb889be_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:b4bf1128add34cd02dbb769b2445af2491cb1fe3b23d8aaecdff3044ecb889be_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/platform-resource-runner-rhel8@sha256%3Ab4bf1128add34cd02dbb769b2445af2491cb1fe3b23d8aaecdff3044ecb889be?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774449833"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:e34860aa425dc582c6e2214d5762a31e84f62d905469b3f130fc3980a03c36b1_ppc64le",
"product": {
"name": "registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:e34860aa425dc582c6e2214d5762a31e84f62d905469b3f130fc3980a03c36b1_ppc64le",
"product_id": "registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:e34860aa425dc582c6e2214d5762a31e84f62d905469b3f130fc3980a03c36b1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/receptor-rhel8@sha256%3Ae34860aa425dc582c6e2214d5762a31e84f62d905469b3f130fc3980a03c36b1?arch=ppc64le\u0026repository_url=registry.redhat.io/ansible-automation-platform-25\u0026tag=1774399119"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:0f8839e5aee29a659fc87dbe1974d52807b02232b12bfae0a9ee75f72f6822d8_amd64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:0f8839e5aee29a659fc87dbe1974d52807b02232b12bfae0a9ee75f72f6822d8_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:0f8839e5aee29a659fc87dbe1974d52807b02232b12bfae0a9ee75f72f6822d8_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:cbed194c572c59551a2b73e61d8c3821df77d5a9ca7d2275062c439996a24eb4_arm64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:cbed194c572c59551a2b73e61d8c3821df77d5a9ca7d2275062c439996a24eb4_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:cbed194c572c59551a2b73e61d8c3821df77d5a9ca7d2275062c439996a24eb4_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:f501719d54fc49e168385702bb0e1d8432b65f129a56a8fe184557a715956196_s390x as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:f501719d54fc49e168385702bb0e1d8432b65f129a56a8fe184557a715956196_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:f501719d54fc49e168385702bb0e1d8432b65f129a56a8fe184557a715956196_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:fe250f135f03aecf8489c1cee9721b9e48549e19d5a609a3d3284fe7d758a34d_ppc64le as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:fe250f135f03aecf8489c1cee9721b9e48549e19d5a609a3d3284fe7d758a34d_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:fe250f135f03aecf8489c1cee9721b9e48549e19d5a609a3d3284fe7d758a34d_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:6fd7c632b981a1b0593c6af234c4b40d1046eabebe41ce29f75e1e010e92226a_arm64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:6fd7c632b981a1b0593c6af234c4b40d1046eabebe41ce29f75e1e010e92226a_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:6fd7c632b981a1b0593c6af234c4b40d1046eabebe41ce29f75e1e010e92226a_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:b8d2a7da8627fa6a020330453c9fee31ba37a8eddd2d014fafa5bf3ed838fb5e_ppc64le as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:b8d2a7da8627fa6a020330453c9fee31ba37a8eddd2d014fafa5bf3ed838fb5e_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:b8d2a7da8627fa6a020330453c9fee31ba37a8eddd2d014fafa5bf3ed838fb5e_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:c264a07ccc7020902897cc9420a76dc590431596fc74696b57e42c2cc658a3f7_amd64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:c264a07ccc7020902897cc9420a76dc590431596fc74696b57e42c2cc658a3f7_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:c264a07ccc7020902897cc9420a76dc590431596fc74696b57e42c2cc658a3f7_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:de9acb254c64d4b5f060867ac81c3c7b92da197bd62914705f47f81c719000f9_s390x as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:de9acb254c64d4b5f060867ac81c3c7b92da197bd62914705f47f81c719000f9_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:de9acb254c64d4b5f060867ac81c3c7b92da197bd62914705f47f81c719000f9_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:299e584db6227b51630ff777864b19113e8a1ea8100aa5c1bde092f730f35911_s390x as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:299e584db6227b51630ff777864b19113e8a1ea8100aa5c1bde092f730f35911_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:299e584db6227b51630ff777864b19113e8a1ea8100aa5c1bde092f730f35911_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:3aae092b74e73969f4328e406f804297e44130fea3232db3403db98463e42d9c_amd64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:3aae092b74e73969f4328e406f804297e44130fea3232db3403db98463e42d9c_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:3aae092b74e73969f4328e406f804297e44130fea3232db3403db98463e42d9c_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:b77247eccd37c9bc29631142605c6fab3af9d23ebf82b43f049664e44193d377_arm64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:b77247eccd37c9bc29631142605c6fab3af9d23ebf82b43f049664e44193d377_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:b77247eccd37c9bc29631142605c6fab3af9d23ebf82b43f049664e44193d377_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:f1eb81b968bdee5bbfa48e25718ac574bdda09c2acf726d9f058e0643585d59d_ppc64le as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:f1eb81b968bdee5bbfa48e25718ac574bdda09c2acf726d9f058e0643585d59d_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:f1eb81b968bdee5bbfa48e25718ac574bdda09c2acf726d9f058e0643585d59d_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:009336407c386ffb1f5f1bdb7a38256e73b8b2ec97036f8ab84e7293f517ef8e_s390x as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:009336407c386ffb1f5f1bdb7a38256e73b8b2ec97036f8ab84e7293f517ef8e_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:009336407c386ffb1f5f1bdb7a38256e73b8b2ec97036f8ab84e7293f517ef8e_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:82e4da659d4bbf036bafee5f598602ec32b7b5f8d3d595287dcf418288bf2147_ppc64le as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:82e4da659d4bbf036bafee5f598602ec32b7b5f8d3d595287dcf418288bf2147_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:82e4da659d4bbf036bafee5f598602ec32b7b5f8d3d595287dcf418288bf2147_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:8ee6e0938cc2189984009da95ebd6fb4f5946cf9e1f7ef7aae8d6f40dfc7ab36_amd64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:8ee6e0938cc2189984009da95ebd6fb4f5946cf9e1f7ef7aae8d6f40dfc7ab36_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:8ee6e0938cc2189984009da95ebd6fb4f5946cf9e1f7ef7aae8d6f40dfc7ab36_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:90d90e31d0afe833778743baf4eb3527402a65c30fdcce149ff8d4820faa3781_arm64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:90d90e31d0afe833778743baf4eb3527402a65c30fdcce149ff8d4820faa3781_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:90d90e31d0afe833778743baf4eb3527402a65c30fdcce149ff8d4820faa3781_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:34bfde79221d2f824177f72d68a877b63bfe88b1f0562741a2dc212f83cb4e62_ppc64le as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:34bfde79221d2f824177f72d68a877b63bfe88b1f0562741a2dc212f83cb4e62_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:34bfde79221d2f824177f72d68a877b63bfe88b1f0562741a2dc212f83cb4e62_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c25356366526086b2e85274793b8e9dadf1a04d35515087d4421c74bb9b4bacf_amd64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c25356366526086b2e85274793b8e9dadf1a04d35515087d4421c74bb9b4bacf_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c25356366526086b2e85274793b8e9dadf1a04d35515087d4421c74bb9b4bacf_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c5923a2649845cc20cdc2d015442d8007e9e0f77522d652d8af389437681c4ed_arm64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c5923a2649845cc20cdc2d015442d8007e9e0f77522d652d8af389437681c4ed_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c5923a2649845cc20cdc2d015442d8007e9e0f77522d652d8af389437681c4ed_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:d91f808a230d11c3b998cbd703fd8fd043188164f61962b5518cda91ad19712b_s390x as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:d91f808a230d11c3b998cbd703fd8fd043188164f61962b5518cda91ad19712b_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:d91f808a230d11c3b998cbd703fd8fd043188164f61962b5518cda91ad19712b_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:0d79e8c5f3f36c290006c0adbe7c14f57bad10566017f005ae4073905b170136_arm64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:0d79e8c5f3f36c290006c0adbe7c14f57bad10566017f005ae4073905b170136_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:0d79e8c5f3f36c290006c0adbe7c14f57bad10566017f005ae4073905b170136_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:57bf7919da3de08961e4c151b08dab1c756353a4040d0dd66feb72fcfe1cc8ce_ppc64le as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:57bf7919da3de08961e4c151b08dab1c756353a4040d0dd66feb72fcfe1cc8ce_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:57bf7919da3de08961e4c151b08dab1c756353a4040d0dd66feb72fcfe1cc8ce_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:6d0a4b9c41713e592707a1b93d48f197977bf9eb05aa5e87a083976720061cbb_amd64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:6d0a4b9c41713e592707a1b93d48f197977bf9eb05aa5e87a083976720061cbb_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:6d0a4b9c41713e592707a1b93d48f197977bf9eb05aa5e87a083976720061cbb_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:c6d21fc02716334ab7f6c48ba7d102965d197209c5a9fd3b41a6ea65b5da0055_s390x as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:c6d21fc02716334ab7f6c48ba7d102965d197209c5a9fd3b41a6ea65b5da0055_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:c6d21fc02716334ab7f6c48ba7d102965d197209c5a9fd3b41a6ea65b5da0055_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:48f4971662ddb841e25bb610f72ef5f37eddf482b117786595d80d0931448236_ppc64le as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:48f4971662ddb841e25bb610f72ef5f37eddf482b117786595d80d0931448236_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:48f4971662ddb841e25bb610f72ef5f37eddf482b117786595d80d0931448236_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:6ec99dbde70c05dc5fbd64f81779f75ca8a131c0d3865f1be318a4cd8152ed33_arm64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:6ec99dbde70c05dc5fbd64f81779f75ca8a131c0d3865f1be318a4cd8152ed33_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:6ec99dbde70c05dc5fbd64f81779f75ca8a131c0d3865f1be318a4cd8152ed33_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:783723cc28521153aef6aeaee7786f8bb87e01ef738b90b8b5fb2f2b2fb6c780_amd64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:783723cc28521153aef6aeaee7786f8bb87e01ef738b90b8b5fb2f2b2fb6c780_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:783723cc28521153aef6aeaee7786f8bb87e01ef738b90b8b5fb2f2b2fb6c780_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:7c13d95770002e16dbd5dc86ea82f6fc5e70828582b928d9e3388ecded90b67a_s390x as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:7c13d95770002e16dbd5dc86ea82f6fc5e70828582b928d9e3388ecded90b67a_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:7c13d95770002e16dbd5dc86ea82f6fc5e70828582b928d9e3388ecded90b67a_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:7188e3f507cdaa346ed930c158379a67104dbdc74535a2b5a541cea60c03a123_arm64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:7188e3f507cdaa346ed930c158379a67104dbdc74535a2b5a541cea60c03a123_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:7188e3f507cdaa346ed930c158379a67104dbdc74535a2b5a541cea60c03a123_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:85c083ae0b2493347cbf1e5885ad56335b1799e545f136118cfe597f39f3df6e_amd64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:85c083ae0b2493347cbf1e5885ad56335b1799e545f136118cfe597f39f3df6e_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:85c083ae0b2493347cbf1e5885ad56335b1799e545f136118cfe597f39f3df6e_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:c5079720f6ea2ab7fb6b1acc6fa0c3c5087d91507c2fb21bb5b4ebc57953b4cf_s390x as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:c5079720f6ea2ab7fb6b1acc6fa0c3c5087d91507c2fb21bb5b4ebc57953b4cf_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:c5079720f6ea2ab7fb6b1acc6fa0c3c5087d91507c2fb21bb5b4ebc57953b4cf_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:f250376b2a72ff2e0bd866bbd8142c5e071218351ad62c52cd7b7a6f3baab026_ppc64le as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:f250376b2a72ff2e0bd866bbd8142c5e071218351ad62c52cd7b7a6f3baab026_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:f250376b2a72ff2e0bd866bbd8142c5e071218351ad62c52cd7b7a6f3baab026_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:0a10e9afd9c3d555a36db84f938973f14fb099164b1ba5068f9e5a9cfec51f01_ppc64le as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:0a10e9afd9c3d555a36db84f938973f14fb099164b1ba5068f9e5a9cfec51f01_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:0a10e9afd9c3d555a36db84f938973f14fb099164b1ba5068f9e5a9cfec51f01_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:1fcab1dccdd7ab7976ac0a57fad193d9411aecdc82cc24752378589978ab3c83_amd64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:1fcab1dccdd7ab7976ac0a57fad193d9411aecdc82cc24752378589978ab3c83_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:1fcab1dccdd7ab7976ac0a57fad193d9411aecdc82cc24752378589978ab3c83_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:21636d382f0a42b7d87d3b1f4ee53bf73e589bb549750d279ca21f96517d7a3d_s390x as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:21636d382f0a42b7d87d3b1f4ee53bf73e589bb549750d279ca21f96517d7a3d_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:21636d382f0a42b7d87d3b1f4ee53bf73e589bb549750d279ca21f96517d7a3d_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:ac48a386cf9175fa667538475607d8d7444e2d21e77bea8ce8d3bf291c59d4a0_arm64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:ac48a386cf9175fa667538475607d8d7444e2d21e77bea8ce8d3bf291c59d4a0_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:ac48a386cf9175fa667538475607d8d7444e2d21e77bea8ce8d3bf291c59d4a0_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:0e5a121065f55cb7381d74794dd44b02a564195bca3bdfd9d9a10905fd0995a6_s390x as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:0e5a121065f55cb7381d74794dd44b02a564195bca3bdfd9d9a10905fd0995a6_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:0e5a121065f55cb7381d74794dd44b02a564195bca3bdfd9d9a10905fd0995a6_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:3838ae2045ed11b4bfe2c86675a5bebe4f51971d30322af3721969e3e2fca06f_amd64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:3838ae2045ed11b4bfe2c86675a5bebe4f51971d30322af3721969e3e2fca06f_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:3838ae2045ed11b4bfe2c86675a5bebe4f51971d30322af3721969e3e2fca06f_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a23c10d8ea852924e8c89a80cb561b2ed9dbacb13257401181b9b13ddf6786ee_ppc64le as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a23c10d8ea852924e8c89a80cb561b2ed9dbacb13257401181b9b13ddf6786ee_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a23c10d8ea852924e8c89a80cb561b2ed9dbacb13257401181b9b13ddf6786ee_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a592586194e5234cfcc2d783f876713771ac489c530205e87053a60b1dd90e04_arm64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a592586194e5234cfcc2d783f876713771ac489c530205e87053a60b1dd90e04_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a592586194e5234cfcc2d783f876713771ac489c530205e87053a60b1dd90e04_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:268a35d7a2bb13547826ec27291d5b48b2abe1d530b49a6085fcdde9410b61f8_arm64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:268a35d7a2bb13547826ec27291d5b48b2abe1d530b49a6085fcdde9410b61f8_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:268a35d7a2bb13547826ec27291d5b48b2abe1d530b49a6085fcdde9410b61f8_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:985cf2d3da53a542a87d98e4b698f53cf9b99e1a09e86b206f42c96833c2b35c_ppc64le as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:985cf2d3da53a542a87d98e4b698f53cf9b99e1a09e86b206f42c96833c2b35c_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:985cf2d3da53a542a87d98e4b698f53cf9b99e1a09e86b206f42c96833c2b35c_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:9cda51df51a24542cd1cd9cd4c072389340d0e678d82236d38c64568cf5d552d_amd64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:9cda51df51a24542cd1cd9cd4c072389340d0e678d82236d38c64568cf5d552d_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:9cda51df51a24542cd1cd9cd4c072389340d0e678d82236d38c64568cf5d552d_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:fe9512b0361734dcaa41b19c4f02b36ec45896ff911dd44a9e821fdd60d30374_s390x as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:fe9512b0361734dcaa41b19c4f02b36ec45896ff911dd44a9e821fdd60d30374_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:fe9512b0361734dcaa41b19c4f02b36ec45896ff911dd44a9e821fdd60d30374_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:17c4c5a579c802fc9a4ee935ad723f65c63aa63ce3b5e4a91705c12ec59feca6_arm64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:17c4c5a579c802fc9a4ee935ad723f65c63aa63ce3b5e4a91705c12ec59feca6_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:17c4c5a579c802fc9a4ee935ad723f65c63aa63ce3b5e4a91705c12ec59feca6_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:3b3a79cebad3f9230b476752c3a6dc29b3d5179d0a3fcf90707eaf14da11ae84_amd64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:3b3a79cebad3f9230b476752c3a6dc29b3d5179d0a3fcf90707eaf14da11ae84_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:3b3a79cebad3f9230b476752c3a6dc29b3d5179d0a3fcf90707eaf14da11ae84_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:a28642cbd593dcdd8673c4bdac30da6eafba29e8abc4ddeaa12369177b5052c7_s390x as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:a28642cbd593dcdd8673c4bdac30da6eafba29e8abc4ddeaa12369177b5052c7_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:a28642cbd593dcdd8673c4bdac30da6eafba29e8abc4ddeaa12369177b5052c7_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:bd47ed866c9bee7c22e7fafcb959df87f64abdbea9f38603a377216f99be3b43_ppc64le as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:bd47ed866c9bee7c22e7fafcb959df87f64abdbea9f38603a377216f99be3b43_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:bd47ed866c9bee7c22e7fafcb959df87f64abdbea9f38603a377216f99be3b43_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:1254e449d313f5f663d056097b9cddbcd7fce91c7a6448b1d4f57c622d9556b3_arm64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:1254e449d313f5f663d056097b9cddbcd7fce91c7a6448b1d4f57c622d9556b3_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:1254e449d313f5f663d056097b9cddbcd7fce91c7a6448b1d4f57c622d9556b3_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:8523ece411bf1842b9309abc7dea7067a26a0efd6cb0510449a6573df820a45c_s390x as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:8523ece411bf1842b9309abc7dea7067a26a0efd6cb0510449a6573df820a45c_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:8523ece411bf1842b9309abc7dea7067a26a0efd6cb0510449a6573df820a45c_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:bde426912de4c15616e3b71408f4760fd12172dc97ce15d5511d0094784643eb_amd64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:bde426912de4c15616e3b71408f4760fd12172dc97ce15d5511d0094784643eb_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:bde426912de4c15616e3b71408f4760fd12172dc97ce15d5511d0094784643eb_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:c87feb6c292b8f95cc840237e3a498eaa3198447f11bb3dd652818e1128bf4a4_ppc64le as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:c87feb6c292b8f95cc840237e3a498eaa3198447f11bb3dd652818e1128bf4a4_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:c87feb6c292b8f95cc840237e3a498eaa3198447f11bb3dd652818e1128bf4a4_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:6547c593ea515750150478d442e17f113fb76ec611f6d7c2ff62223e1742a083_ppc64le as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:6547c593ea515750150478d442e17f113fb76ec611f6d7c2ff62223e1742a083_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:6547c593ea515750150478d442e17f113fb76ec611f6d7c2ff62223e1742a083_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:d6fe585bac62fd646127894dcb9bf55462daf60a22c8721ee44658fbdd3e99a6_s390x as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:d6fe585bac62fd646127894dcb9bf55462daf60a22c8721ee44658fbdd3e99a6_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:d6fe585bac62fd646127894dcb9bf55462daf60a22c8721ee44658fbdd3e99a6_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:e8c26f06cca6450dc68a6160a6d1ababdf0992ed9000f27dea5177b813671653_amd64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:e8c26f06cca6450dc68a6160a6d1ababdf0992ed9000f27dea5177b813671653_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:e8c26f06cca6450dc68a6160a6d1ababdf0992ed9000f27dea5177b813671653_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:eab05f26b14dd06d7e4f5580a873d8bdb18317abf1e82300da089cba5129bdb4_arm64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:eab05f26b14dd06d7e4f5580a873d8bdb18317abf1e82300da089cba5129bdb4_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:eab05f26b14dd06d7e4f5580a873d8bdb18317abf1e82300da089cba5129bdb4_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:049878acbb0f6297eae90180b88b011d00e954285d3197e2c19bc17e82f67523_amd64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:049878acbb0f6297eae90180b88b011d00e954285d3197e2c19bc17e82f67523_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:049878acbb0f6297eae90180b88b011d00e954285d3197e2c19bc17e82f67523_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:6624a8e702ff2bc3f07b63a8fec42034c48b41bb187818fd4f2dd8a8f60766cb_ppc64le as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:6624a8e702ff2bc3f07b63a8fec42034c48b41bb187818fd4f2dd8a8f60766cb_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:6624a8e702ff2bc3f07b63a8fec42034c48b41bb187818fd4f2dd8a8f60766cb_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:b829b37753a3d14aebf4d114973f843dfc6e4706cf2375408bab8950ab15d2ff_s390x as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:b829b37753a3d14aebf4d114973f843dfc6e4706cf2375408bab8950ab15d2ff_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:b829b37753a3d14aebf4d114973f843dfc6e4706cf2375408bab8950ab15d2ff_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:c41ad877f30bc37bd9fe8422c410da12159b8fba7ab9ed0fd174e0d30a1ed125_arm64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:c41ad877f30bc37bd9fe8422c410da12159b8fba7ab9ed0fd174e0d30a1ed125_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:c41ad877f30bc37bd9fe8422c410da12159b8fba7ab9ed0fd174e0d30a1ed125_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:47315b849e1e70f6240f310ed5b6d402f6512973bd94bb70d9138d03b790b1a8_amd64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:47315b849e1e70f6240f310ed5b6d402f6512973bd94bb70d9138d03b790b1a8_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:47315b849e1e70f6240f310ed5b6d402f6512973bd94bb70d9138d03b790b1a8_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:8b63224e8726db24bf51a5456ef9ede17299e1d920d57a66c49be8a03d3485ed_arm64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:8b63224e8726db24bf51a5456ef9ede17299e1d920d57a66c49be8a03d3485ed_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:8b63224e8726db24bf51a5456ef9ede17299e1d920d57a66c49be8a03d3485ed_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:9a20dbc471286e91b2687c22b692a335b287f8eaba817c0f4b6c31b42a669b94_s390x as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:9a20dbc471286e91b2687c22b692a335b287f8eaba817c0f4b6c31b42a669b94_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:9a20dbc471286e91b2687c22b692a335b287f8eaba817c0f4b6c31b42a669b94_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:b104daa98ef64f2be52d0066ca490a98ef3380a4516038711972be8c01a16571_ppc64le as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:b104daa98ef64f2be52d0066ca490a98ef3380a4516038711972be8c01a16571_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:b104daa98ef64f2be52d0066ca490a98ef3380a4516038711972be8c01a16571_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:0b65799b577e98beaa59b850028bbfc2d2b112465d1661cd6ab90fb0dd296695_ppc64le as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:0b65799b577e98beaa59b850028bbfc2d2b112465d1661cd6ab90fb0dd296695_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:0b65799b577e98beaa59b850028bbfc2d2b112465d1661cd6ab90fb0dd296695_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:116d10699e27737b256b1ccd035c65334696553d107c1002eb85be69aec4c65a_s390x as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:116d10699e27737b256b1ccd035c65334696553d107c1002eb85be69aec4c65a_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:116d10699e27737b256b1ccd035c65334696553d107c1002eb85be69aec4c65a_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:78bb5cce2e05156b39a961747174a819c945298fb2f444ef321de6f2bbd5ac5b_arm64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:78bb5cce2e05156b39a961747174a819c945298fb2f444ef321de6f2bbd5ac5b_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:78bb5cce2e05156b39a961747174a819c945298fb2f444ef321de6f2bbd5ac5b_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:9b3fd70beaca874656c8e051fa6b3f04b8cbc99e61278a953832637c8c0fb18a_amd64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:9b3fd70beaca874656c8e051fa6b3f04b8cbc99e61278a953832637c8c0fb18a_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:9b3fd70beaca874656c8e051fa6b3f04b8cbc99e61278a953832637c8c0fb18a_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:0997e7c2515f817d857c9c3dc157f7adec41553adfc3a22913bd65c90b1c9924_ppc64le as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:0997e7c2515f817d857c9c3dc157f7adec41553adfc3a22913bd65c90b1c9924_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:0997e7c2515f817d857c9c3dc157f7adec41553adfc3a22913bd65c90b1c9924_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:bac6445179c1c27314e958b41b3d67b1d34dcb05ac9a360a8fe297ab631d64f7_arm64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:bac6445179c1c27314e958b41b3d67b1d34dcb05ac9a360a8fe297ab631d64f7_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:bac6445179c1c27314e958b41b3d67b1d34dcb05ac9a360a8fe297ab631d64f7_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:d55d0744741b5fcd00107cc2a443dec11696a5daa453a4d992f1e15c3f4708b2_amd64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:d55d0744741b5fcd00107cc2a443dec11696a5daa453a4d992f1e15c3f4708b2_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:d55d0744741b5fcd00107cc2a443dec11696a5daa453a4d992f1e15c3f4708b2_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:dec36413a14d42948aa73339aaba4e5b22f38ddc364436c66ab9d1a8aac465b3_s390x as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:dec36413a14d42948aa73339aaba4e5b22f38ddc364436c66ab9d1a8aac465b3_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:dec36413a14d42948aa73339aaba4e5b22f38ddc364436c66ab9d1a8aac465b3_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1074bbb8a68b75e8c8635bc622bf059cf0ae5bf582d48af31eca9bfc4f4787e8_s390x as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1074bbb8a68b75e8c8635bc622bf059cf0ae5bf582d48af31eca9bfc4f4787e8_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1074bbb8a68b75e8c8635bc622bf059cf0ae5bf582d48af31eca9bfc4f4787e8_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1d1f1078e7a5d916a6df61d83b6c38512a4f1e6ca71d91212fd539aa3be4d8ed_ppc64le as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1d1f1078e7a5d916a6df61d83b6c38512a4f1e6ca71d91212fd539aa3be4d8ed_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1d1f1078e7a5d916a6df61d83b6c38512a4f1e6ca71d91212fd539aa3be4d8ed_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:c8fd574a2ddb034be88d78b49ae22de5fea68679c0a9f1f3e24583ef118fb532_arm64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:c8fd574a2ddb034be88d78b49ae22de5fea68679c0a9f1f3e24583ef118fb532_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:c8fd574a2ddb034be88d78b49ae22de5fea68679c0a9f1f3e24583ef118fb532_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:f1abc733921423176ccd6bc3b31093c151b84bdfa9a82b1f640a540edbfbf358_amd64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:f1abc733921423176ccd6bc3b31093c151b84bdfa9a82b1f640a540edbfbf358_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:f1abc733921423176ccd6bc3b31093c151b84bdfa9a82b1f640a540edbfbf358_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:0bdf70b361111ad28cc4c5a38a52fb7557a7256c45d31b9c187fba4213c1080d_s390x as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:0bdf70b361111ad28cc4c5a38a52fb7557a7256c45d31b9c187fba4213c1080d_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:0bdf70b361111ad28cc4c5a38a52fb7557a7256c45d31b9c187fba4213c1080d_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:20537bc868859605ba1a227b8ffaa4523c03b67093e71e910d8cb3b8fbe0392d_ppc64le as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:20537bc868859605ba1a227b8ffaa4523c03b67093e71e910d8cb3b8fbe0392d_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:20537bc868859605ba1a227b8ffaa4523c03b67093e71e910d8cb3b8fbe0392d_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:6481c675623cee9bcabd4a1c3a04d169c46e103c944af5ef69a75fc9bd69dfb8_arm64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:6481c675623cee9bcabd4a1c3a04d169c46e103c944af5ef69a75fc9bd69dfb8_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:6481c675623cee9bcabd4a1c3a04d169c46e103c944af5ef69a75fc9bd69dfb8_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:e474929fa188b73d80eee028cd51e54f07157e587071cf60109f4398ea4dce30_amd64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:e474929fa188b73d80eee028cd51e54f07157e587071cf60109f4398ea4dce30_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:e474929fa188b73d80eee028cd51e54f07157e587071cf60109f4398ea4dce30_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:2f9ec28f18893b516b9dadcce88a8efaa908e916305f7b802f250c2283c37cb5_ppc64le as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:2f9ec28f18893b516b9dadcce88a8efaa908e916305f7b802f250c2283c37cb5_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:2f9ec28f18893b516b9dadcce88a8efaa908e916305f7b802f250c2283c37cb5_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:3e61238b7400447dfd7999d053e7f701d7c84d62e4a0ef29950c39f3843fb467_amd64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:3e61238b7400447dfd7999d053e7f701d7c84d62e4a0ef29950c39f3843fb467_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:3e61238b7400447dfd7999d053e7f701d7c84d62e4a0ef29950c39f3843fb467_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:9bbe1c621a8ee4c960e945c0f1a57c89654314435ea00083abbeb390991c62bb_arm64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:9bbe1c621a8ee4c960e945c0f1a57c89654314435ea00083abbeb390991c62bb_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:9bbe1c621a8ee4c960e945c0f1a57c89654314435ea00083abbeb390991c62bb_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:c3451ed3202ea6b8328f1cacd4fe0205df1fa0d3eec3a960873ec493e9d49d67_s390x as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:c3451ed3202ea6b8328f1cacd4fe0205df1fa0d3eec3a960873ec493e9d49d67_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:c3451ed3202ea6b8328f1cacd4fe0205df1fa0d3eec3a960873ec493e9d49d67_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:3cbb5b8c06d7911476e411419ff88a02126e0a6f4f514247e112afc9f939c80f_s390x as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:3cbb5b8c06d7911476e411419ff88a02126e0a6f4f514247e112afc9f939c80f_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:3cbb5b8c06d7911476e411419ff88a02126e0a6f4f514247e112afc9f939c80f_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:433143f26cf3ebbc1e6492d8e6b96a0fe82dbb46a54859e9a10fef1e5f71842d_amd64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:433143f26cf3ebbc1e6492d8e6b96a0fe82dbb46a54859e9a10fef1e5f71842d_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:433143f26cf3ebbc1e6492d8e6b96a0fe82dbb46a54859e9a10fef1e5f71842d_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:c7b4a67cf4b2a1fece30e67d57c67d850d6f9866cf6fc39206b4ca09956e4deb_arm64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:c7b4a67cf4b2a1fece30e67d57c67d850d6f9866cf6fc39206b4ca09956e4deb_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:c7b4a67cf4b2a1fece30e67d57c67d850d6f9866cf6fc39206b4ca09956e4deb_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:f1d3f1a1c0396fa4f3b5496af6a6d2dfc231c8d8bc453774b2c4319bfd00b96e_ppc64le as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:f1d3f1a1c0396fa4f3b5496af6a6d2dfc231c8d8bc453774b2c4319bfd00b96e_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:f1d3f1a1c0396fa4f3b5496af6a6d2dfc231c8d8bc453774b2c4319bfd00b96e_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:0682e9e4bc9ad2b2b564fa2fa8b022e46729b27e26ec7b14ed2f1fae3e52a0d1_s390x as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:0682e9e4bc9ad2b2b564fa2fa8b022e46729b27e26ec7b14ed2f1fae3e52a0d1_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:0682e9e4bc9ad2b2b564fa2fa8b022e46729b27e26ec7b14ed2f1fae3e52a0d1_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:2f25f26750ceac18fd9c059eb3f11cc400dc0160d9ca78eded86af360c81d201_ppc64le as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:2f25f26750ceac18fd9c059eb3f11cc400dc0160d9ca78eded86af360c81d201_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:2f25f26750ceac18fd9c059eb3f11cc400dc0160d9ca78eded86af360c81d201_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:360d270a9167d79e297b050093209bcc9e0d854045b9ba116192073ce44c662c_amd64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:360d270a9167d79e297b050093209bcc9e0d854045b9ba116192073ce44c662c_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:360d270a9167d79e297b050093209bcc9e0d854045b9ba116192073ce44c662c_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:7d75c8ac498141ba26b4a927dbc4b4426a566da5ba09d4e0017fbf715bd05b27_arm64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:7d75c8ac498141ba26b4a927dbc4b4426a566da5ba09d4e0017fbf715bd05b27_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:7d75c8ac498141ba26b4a927dbc4b4426a566da5ba09d4e0017fbf715bd05b27_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:7686b10f4f4091c5e56ce58c6c12f6cff0b7d5fd526fd606e92abf75eb6b13c2_arm64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:7686b10f4f4091c5e56ce58c6c12f6cff0b7d5fd526fd606e92abf75eb6b13c2_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:7686b10f4f4091c5e56ce58c6c12f6cff0b7d5fd526fd606e92abf75eb6b13c2_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:c20cc51275c70431b1e730ca48a82942c5385bba90aeb514e01fd3e142c158d0_s390x as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:c20cc51275c70431b1e730ca48a82942c5385bba90aeb514e01fd3e142c158d0_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:c20cc51275c70431b1e730ca48a82942c5385bba90aeb514e01fd3e142c158d0_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:df33172c1cb33952183c80ab0f86c5f414a5103b9eb0757f744103678a6992ff_ppc64le as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:df33172c1cb33952183c80ab0f86c5f414a5103b9eb0757f744103678a6992ff_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:df33172c1cb33952183c80ab0f86c5f414a5103b9eb0757f744103678a6992ff_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:e0c6a368dc6da0906c102aa3587b297e7fe4d4072b5b019a2f3e1a0d54c8053b_amd64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:e0c6a368dc6da0906c102aa3587b297e7fe4d4072b5b019a2f3e1a0d54c8053b_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:e0c6a368dc6da0906c102aa3587b297e7fe4d4072b5b019a2f3e1a0d54c8053b_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:5596feea40bd5eaf4e97a7eb33c4e7069e802fc921e1fa5fd65b7db9ff99637f_amd64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:5596feea40bd5eaf4e97a7eb33c4e7069e802fc921e1fa5fd65b7db9ff99637f_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:5596feea40bd5eaf4e97a7eb33c4e7069e802fc921e1fa5fd65b7db9ff99637f_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:b4bf1128add34cd02dbb769b2445af2491cb1fe3b23d8aaecdff3044ecb889be_ppc64le as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:b4bf1128add34cd02dbb769b2445af2491cb1fe3b23d8aaecdff3044ecb889be_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:b4bf1128add34cd02dbb769b2445af2491cb1fe3b23d8aaecdff3044ecb889be_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:ce70350c29cfb97ebfa8f0782b6c193c1693704cc184c039329df915aeeaaaa2_arm64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:ce70350c29cfb97ebfa8f0782b6c193c1693704cc184c039329df915aeeaaaa2_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:ce70350c29cfb97ebfa8f0782b6c193c1693704cc184c039329df915aeeaaaa2_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:f700beaf7b8466e958876ea71762439e9b7224f34f066a72e3454b7ab450e0cb_s390x as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:f700beaf7b8466e958876ea71762439e9b7224f34f066a72e3454b7ab450e0cb_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:f700beaf7b8466e958876ea71762439e9b7224f34f066a72e3454b7ab450e0cb_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:05a079835148d3cb9357e0c911ba78646748c4373b4f39cb995fc6f6a1d35315_arm64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:05a079835148d3cb9357e0c911ba78646748c4373b4f39cb995fc6f6a1d35315_arm64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:05a079835148d3cb9357e0c911ba78646748c4373b4f39cb995fc6f6a1d35315_arm64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:43e267abfa4d52a2fb3677406ee8c7a44cb7ddecb94fe13b852546eb4a8c2b99_s390x as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:43e267abfa4d52a2fb3677406ee8c7a44cb7ddecb94fe13b852546eb4a8c2b99_s390x"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:43e267abfa4d52a2fb3677406ee8c7a44cb7ddecb94fe13b852546eb4a8c2b99_s390x",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:b8ad28fb112c9f076499050ed7f27e1fce701bbc9cf3c1835c113a6a0bd9e915_amd64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:b8ad28fb112c9f076499050ed7f27e1fce701bbc9cf3c1835c113a6a0bd9e915_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:b8ad28fb112c9f076499050ed7f27e1fce701bbc9cf3c1835c113a6a0bd9e915_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:e34860aa425dc582c6e2214d5762a31e84f62d905469b3f130fc3980a03c36b1_ppc64le as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:e34860aa425dc582c6e2214d5762a31e84f62d905469b3f130fc3980a03c36b1_ppc64le"
},
"product_reference": "registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:e34860aa425dc582c6e2214d5762a31e84f62d905469b3f130fc3980a03c36b1_ppc64le",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8a3978970e82e80c57d44ef3187049eaf58b715460442363a239bf023db64791_amd64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8a3978970e82e80c57d44ef3187049eaf58b715460442363a239bf023db64791_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8a3978970e82e80c57d44ef3187049eaf58b715460442363a239bf023db64791_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:bc8fc8ba010f7e49b2c9a1b8994d6de05650f8028b2c6dbb0db3e721ed53cdef_amd64 as a component of Red Hat Ansible Automation Platform 2.5",
"product_id": "Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:bc8fc8ba010f7e49b2c9a1b8994d6de05650f8028b2c6dbb0db3e721ed53cdef_amd64"
},
"product_reference": "registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:bc8fc8ba010f7e49b2c9a1b8994d6de05650f8028b2c6dbb0db3e721ed53cdef_amd64",
"relates_to_product_reference": "Red Hat Ansible Automation Platform 2.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-69223",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-06T20:01:19.831548+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:0f8839e5aee29a659fc87dbe1974d52807b02232b12bfae0a9ee75f72f6822d8_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:cbed194c572c59551a2b73e61d8c3821df77d5a9ca7d2275062c439996a24eb4_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:f501719d54fc49e168385702bb0e1d8432b65f129a56a8fe184557a715956196_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:fe250f135f03aecf8489c1cee9721b9e48549e19d5a609a3d3284fe7d758a34d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:6fd7c632b981a1b0593c6af234c4b40d1046eabebe41ce29f75e1e010e92226a_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:b8d2a7da8627fa6a020330453c9fee31ba37a8eddd2d014fafa5bf3ed838fb5e_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:c264a07ccc7020902897cc9420a76dc590431596fc74696b57e42c2cc658a3f7_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:de9acb254c64d4b5f060867ac81c3c7b92da197bd62914705f47f81c719000f9_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:299e584db6227b51630ff777864b19113e8a1ea8100aa5c1bde092f730f35911_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:3aae092b74e73969f4328e406f804297e44130fea3232db3403db98463e42d9c_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:b77247eccd37c9bc29631142605c6fab3af9d23ebf82b43f049664e44193d377_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:f1eb81b968bdee5bbfa48e25718ac574bdda09c2acf726d9f058e0643585d59d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:009336407c386ffb1f5f1bdb7a38256e73b8b2ec97036f8ab84e7293f517ef8e_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:82e4da659d4bbf036bafee5f598602ec32b7b5f8d3d595287dcf418288bf2147_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:8ee6e0938cc2189984009da95ebd6fb4f5946cf9e1f7ef7aae8d6f40dfc7ab36_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:90d90e31d0afe833778743baf4eb3527402a65c30fdcce149ff8d4820faa3781_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:34bfde79221d2f824177f72d68a877b63bfe88b1f0562741a2dc212f83cb4e62_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c25356366526086b2e85274793b8e9dadf1a04d35515087d4421c74bb9b4bacf_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c5923a2649845cc20cdc2d015442d8007e9e0f77522d652d8af389437681c4ed_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:d91f808a230d11c3b998cbd703fd8fd043188164f61962b5518cda91ad19712b_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:0d79e8c5f3f36c290006c0adbe7c14f57bad10566017f005ae4073905b170136_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:57bf7919da3de08961e4c151b08dab1c756353a4040d0dd66feb72fcfe1cc8ce_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:6d0a4b9c41713e592707a1b93d48f197977bf9eb05aa5e87a083976720061cbb_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:c6d21fc02716334ab7f6c48ba7d102965d197209c5a9fd3b41a6ea65b5da0055_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:48f4971662ddb841e25bb610f72ef5f37eddf482b117786595d80d0931448236_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:6ec99dbde70c05dc5fbd64f81779f75ca8a131c0d3865f1be318a4cd8152ed33_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:783723cc28521153aef6aeaee7786f8bb87e01ef738b90b8b5fb2f2b2fb6c780_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:7c13d95770002e16dbd5dc86ea82f6fc5e70828582b928d9e3388ecded90b67a_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:7188e3f507cdaa346ed930c158379a67104dbdc74535a2b5a541cea60c03a123_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:85c083ae0b2493347cbf1e5885ad56335b1799e545f136118cfe597f39f3df6e_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:c5079720f6ea2ab7fb6b1acc6fa0c3c5087d91507c2fb21bb5b4ebc57953b4cf_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:f250376b2a72ff2e0bd866bbd8142c5e071218351ad62c52cd7b7a6f3baab026_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:0a10e9afd9c3d555a36db84f938973f14fb099164b1ba5068f9e5a9cfec51f01_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:1fcab1dccdd7ab7976ac0a57fad193d9411aecdc82cc24752378589978ab3c83_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:21636d382f0a42b7d87d3b1f4ee53bf73e589bb549750d279ca21f96517d7a3d_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:ac48a386cf9175fa667538475607d8d7444e2d21e77bea8ce8d3bf291c59d4a0_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:0e5a121065f55cb7381d74794dd44b02a564195bca3bdfd9d9a10905fd0995a6_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:3838ae2045ed11b4bfe2c86675a5bebe4f51971d30322af3721969e3e2fca06f_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a23c10d8ea852924e8c89a80cb561b2ed9dbacb13257401181b9b13ddf6786ee_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a592586194e5234cfcc2d783f876713771ac489c530205e87053a60b1dd90e04_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:268a35d7a2bb13547826ec27291d5b48b2abe1d530b49a6085fcdde9410b61f8_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:985cf2d3da53a542a87d98e4b698f53cf9b99e1a09e86b206f42c96833c2b35c_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:9cda51df51a24542cd1cd9cd4c072389340d0e678d82236d38c64568cf5d552d_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:fe9512b0361734dcaa41b19c4f02b36ec45896ff911dd44a9e821fdd60d30374_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:17c4c5a579c802fc9a4ee935ad723f65c63aa63ce3b5e4a91705c12ec59feca6_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:3b3a79cebad3f9230b476752c3a6dc29b3d5179d0a3fcf90707eaf14da11ae84_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:a28642cbd593dcdd8673c4bdac30da6eafba29e8abc4ddeaa12369177b5052c7_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:bd47ed866c9bee7c22e7fafcb959df87f64abdbea9f38603a377216f99be3b43_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:1254e449d313f5f663d056097b9cddbcd7fce91c7a6448b1d4f57c622d9556b3_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:8523ece411bf1842b9309abc7dea7067a26a0efd6cb0510449a6573df820a45c_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:bde426912de4c15616e3b71408f4760fd12172dc97ce15d5511d0094784643eb_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:c87feb6c292b8f95cc840237e3a498eaa3198447f11bb3dd652818e1128bf4a4_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:6547c593ea515750150478d442e17f113fb76ec611f6d7c2ff62223e1742a083_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:d6fe585bac62fd646127894dcb9bf55462daf60a22c8721ee44658fbdd3e99a6_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:e8c26f06cca6450dc68a6160a6d1ababdf0992ed9000f27dea5177b813671653_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:eab05f26b14dd06d7e4f5580a873d8bdb18317abf1e82300da089cba5129bdb4_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:049878acbb0f6297eae90180b88b011d00e954285d3197e2c19bc17e82f67523_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:6624a8e702ff2bc3f07b63a8fec42034c48b41bb187818fd4f2dd8a8f60766cb_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:b829b37753a3d14aebf4d114973f843dfc6e4706cf2375408bab8950ab15d2ff_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:c41ad877f30bc37bd9fe8422c410da12159b8fba7ab9ed0fd174e0d30a1ed125_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:47315b849e1e70f6240f310ed5b6d402f6512973bd94bb70d9138d03b790b1a8_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:8b63224e8726db24bf51a5456ef9ede17299e1d920d57a66c49be8a03d3485ed_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:9a20dbc471286e91b2687c22b692a335b287f8eaba817c0f4b6c31b42a669b94_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:b104daa98ef64f2be52d0066ca490a98ef3380a4516038711972be8c01a16571_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:0b65799b577e98beaa59b850028bbfc2d2b112465d1661cd6ab90fb0dd296695_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:116d10699e27737b256b1ccd035c65334696553d107c1002eb85be69aec4c65a_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:78bb5cce2e05156b39a961747174a819c945298fb2f444ef321de6f2bbd5ac5b_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:9b3fd70beaca874656c8e051fa6b3f04b8cbc99e61278a953832637c8c0fb18a_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:0997e7c2515f817d857c9c3dc157f7adec41553adfc3a22913bd65c90b1c9924_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:bac6445179c1c27314e958b41b3d67b1d34dcb05ac9a360a8fe297ab631d64f7_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:d55d0744741b5fcd00107cc2a443dec11696a5daa453a4d992f1e15c3f4708b2_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:dec36413a14d42948aa73339aaba4e5b22f38ddc364436c66ab9d1a8aac465b3_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1074bbb8a68b75e8c8635bc622bf059cf0ae5bf582d48af31eca9bfc4f4787e8_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1d1f1078e7a5d916a6df61d83b6c38512a4f1e6ca71d91212fd539aa3be4d8ed_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:c8fd574a2ddb034be88d78b49ae22de5fea68679c0a9f1f3e24583ef118fb532_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:f1abc733921423176ccd6bc3b31093c151b84bdfa9a82b1f640a540edbfbf358_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:0bdf70b361111ad28cc4c5a38a52fb7557a7256c45d31b9c187fba4213c1080d_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:20537bc868859605ba1a227b8ffaa4523c03b67093e71e910d8cb3b8fbe0392d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:6481c675623cee9bcabd4a1c3a04d169c46e103c944af5ef69a75fc9bd69dfb8_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:e474929fa188b73d80eee028cd51e54f07157e587071cf60109f4398ea4dce30_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:3cbb5b8c06d7911476e411419ff88a02126e0a6f4f514247e112afc9f939c80f_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:433143f26cf3ebbc1e6492d8e6b96a0fe82dbb46a54859e9a10fef1e5f71842d_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:c7b4a67cf4b2a1fece30e67d57c67d850d6f9866cf6fc39206b4ca09956e4deb_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:f1d3f1a1c0396fa4f3b5496af6a6d2dfc231c8d8bc453774b2c4319bfd00b96e_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:7686b10f4f4091c5e56ce58c6c12f6cff0b7d5fd526fd606e92abf75eb6b13c2_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:c20cc51275c70431b1e730ca48a82942c5385bba90aeb514e01fd3e142c158d0_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:df33172c1cb33952183c80ab0f86c5f414a5103b9eb0757f744103678a6992ff_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:e0c6a368dc6da0906c102aa3587b297e7fe4d4072b5b019a2f3e1a0d54c8053b_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:5596feea40bd5eaf4e97a7eb33c4e7069e802fc921e1fa5fd65b7db9ff99637f_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:b4bf1128add34cd02dbb769b2445af2491cb1fe3b23d8aaecdff3044ecb889be_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:ce70350c29cfb97ebfa8f0782b6c193c1693704cc184c039329df915aeeaaaa2_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:f700beaf7b8466e958876ea71762439e9b7224f34f066a72e3454b7ab450e0cb_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:05a079835148d3cb9357e0c911ba78646748c4373b4f39cb995fc6f6a1d35315_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:43e267abfa4d52a2fb3677406ee8c7a44cb7ddecb94fe13b852546eb4a8c2b99_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:b8ad28fb112c9f076499050ed7f27e1fce701bbc9cf3c1835c113a6a0bd9e915_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:e34860aa425dc582c6e2214d5762a31e84f62d905469b3f130fc3980a03c36b1_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8a3978970e82e80c57d44ef3187049eaf58b715460442363a239bf023db64791_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:bc8fc8ba010f7e49b2c9a1b8994d6de05650f8028b2c6dbb0db3e721ed53cdef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427456"
}
],
"notes": [
{
"category": "description",
"text": "A decompression based denial of service flaw has been discovered in the AIOHTTP python library. Library versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host\u0027s memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "aiohttp: AIOHTTP\u0027s HTTP Parser auto_decompress feature is vulnerable to zip bomb",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:2f9ec28f18893b516b9dadcce88a8efaa908e916305f7b802f250c2283c37cb5_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:3e61238b7400447dfd7999d053e7f701d7c84d62e4a0ef29950c39f3843fb467_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:9bbe1c621a8ee4c960e945c0f1a57c89654314435ea00083abbeb390991c62bb_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:c3451ed3202ea6b8328f1cacd4fe0205df1fa0d3eec3a960873ec493e9d49d67_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:0682e9e4bc9ad2b2b564fa2fa8b022e46729b27e26ec7b14ed2f1fae3e52a0d1_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:2f25f26750ceac18fd9c059eb3f11cc400dc0160d9ca78eded86af360c81d201_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:360d270a9167d79e297b050093209bcc9e0d854045b9ba116192073ce44c662c_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:7d75c8ac498141ba26b4a927dbc4b4426a566da5ba09d4e0017fbf715bd05b27_arm64"
],
"known_not_affected": [
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:0f8839e5aee29a659fc87dbe1974d52807b02232b12bfae0a9ee75f72f6822d8_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:cbed194c572c59551a2b73e61d8c3821df77d5a9ca7d2275062c439996a24eb4_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:f501719d54fc49e168385702bb0e1d8432b65f129a56a8fe184557a715956196_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:fe250f135f03aecf8489c1cee9721b9e48549e19d5a609a3d3284fe7d758a34d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:6fd7c632b981a1b0593c6af234c4b40d1046eabebe41ce29f75e1e010e92226a_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:b8d2a7da8627fa6a020330453c9fee31ba37a8eddd2d014fafa5bf3ed838fb5e_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:c264a07ccc7020902897cc9420a76dc590431596fc74696b57e42c2cc658a3f7_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:de9acb254c64d4b5f060867ac81c3c7b92da197bd62914705f47f81c719000f9_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:299e584db6227b51630ff777864b19113e8a1ea8100aa5c1bde092f730f35911_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:3aae092b74e73969f4328e406f804297e44130fea3232db3403db98463e42d9c_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:b77247eccd37c9bc29631142605c6fab3af9d23ebf82b43f049664e44193d377_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:f1eb81b968bdee5bbfa48e25718ac574bdda09c2acf726d9f058e0643585d59d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:009336407c386ffb1f5f1bdb7a38256e73b8b2ec97036f8ab84e7293f517ef8e_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:82e4da659d4bbf036bafee5f598602ec32b7b5f8d3d595287dcf418288bf2147_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:8ee6e0938cc2189984009da95ebd6fb4f5946cf9e1f7ef7aae8d6f40dfc7ab36_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:90d90e31d0afe833778743baf4eb3527402a65c30fdcce149ff8d4820faa3781_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:34bfde79221d2f824177f72d68a877b63bfe88b1f0562741a2dc212f83cb4e62_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c25356366526086b2e85274793b8e9dadf1a04d35515087d4421c74bb9b4bacf_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c5923a2649845cc20cdc2d015442d8007e9e0f77522d652d8af389437681c4ed_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:d91f808a230d11c3b998cbd703fd8fd043188164f61962b5518cda91ad19712b_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:0d79e8c5f3f36c290006c0adbe7c14f57bad10566017f005ae4073905b170136_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:57bf7919da3de08961e4c151b08dab1c756353a4040d0dd66feb72fcfe1cc8ce_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:6d0a4b9c41713e592707a1b93d48f197977bf9eb05aa5e87a083976720061cbb_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:c6d21fc02716334ab7f6c48ba7d102965d197209c5a9fd3b41a6ea65b5da0055_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:48f4971662ddb841e25bb610f72ef5f37eddf482b117786595d80d0931448236_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:6ec99dbde70c05dc5fbd64f81779f75ca8a131c0d3865f1be318a4cd8152ed33_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:783723cc28521153aef6aeaee7786f8bb87e01ef738b90b8b5fb2f2b2fb6c780_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:7c13d95770002e16dbd5dc86ea82f6fc5e70828582b928d9e3388ecded90b67a_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:7188e3f507cdaa346ed930c158379a67104dbdc74535a2b5a541cea60c03a123_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:85c083ae0b2493347cbf1e5885ad56335b1799e545f136118cfe597f39f3df6e_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:c5079720f6ea2ab7fb6b1acc6fa0c3c5087d91507c2fb21bb5b4ebc57953b4cf_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:f250376b2a72ff2e0bd866bbd8142c5e071218351ad62c52cd7b7a6f3baab026_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:0a10e9afd9c3d555a36db84f938973f14fb099164b1ba5068f9e5a9cfec51f01_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:1fcab1dccdd7ab7976ac0a57fad193d9411aecdc82cc24752378589978ab3c83_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:21636d382f0a42b7d87d3b1f4ee53bf73e589bb549750d279ca21f96517d7a3d_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:ac48a386cf9175fa667538475607d8d7444e2d21e77bea8ce8d3bf291c59d4a0_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:0e5a121065f55cb7381d74794dd44b02a564195bca3bdfd9d9a10905fd0995a6_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:3838ae2045ed11b4bfe2c86675a5bebe4f51971d30322af3721969e3e2fca06f_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a23c10d8ea852924e8c89a80cb561b2ed9dbacb13257401181b9b13ddf6786ee_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a592586194e5234cfcc2d783f876713771ac489c530205e87053a60b1dd90e04_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:268a35d7a2bb13547826ec27291d5b48b2abe1d530b49a6085fcdde9410b61f8_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:985cf2d3da53a542a87d98e4b698f53cf9b99e1a09e86b206f42c96833c2b35c_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:9cda51df51a24542cd1cd9cd4c072389340d0e678d82236d38c64568cf5d552d_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:fe9512b0361734dcaa41b19c4f02b36ec45896ff911dd44a9e821fdd60d30374_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:17c4c5a579c802fc9a4ee935ad723f65c63aa63ce3b5e4a91705c12ec59feca6_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:3b3a79cebad3f9230b476752c3a6dc29b3d5179d0a3fcf90707eaf14da11ae84_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:a28642cbd593dcdd8673c4bdac30da6eafba29e8abc4ddeaa12369177b5052c7_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:bd47ed866c9bee7c22e7fafcb959df87f64abdbea9f38603a377216f99be3b43_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:1254e449d313f5f663d056097b9cddbcd7fce91c7a6448b1d4f57c622d9556b3_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:8523ece411bf1842b9309abc7dea7067a26a0efd6cb0510449a6573df820a45c_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:bde426912de4c15616e3b71408f4760fd12172dc97ce15d5511d0094784643eb_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:c87feb6c292b8f95cc840237e3a498eaa3198447f11bb3dd652818e1128bf4a4_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:6547c593ea515750150478d442e17f113fb76ec611f6d7c2ff62223e1742a083_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:d6fe585bac62fd646127894dcb9bf55462daf60a22c8721ee44658fbdd3e99a6_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:e8c26f06cca6450dc68a6160a6d1ababdf0992ed9000f27dea5177b813671653_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:eab05f26b14dd06d7e4f5580a873d8bdb18317abf1e82300da089cba5129bdb4_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:049878acbb0f6297eae90180b88b011d00e954285d3197e2c19bc17e82f67523_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:6624a8e702ff2bc3f07b63a8fec42034c48b41bb187818fd4f2dd8a8f60766cb_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:b829b37753a3d14aebf4d114973f843dfc6e4706cf2375408bab8950ab15d2ff_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:c41ad877f30bc37bd9fe8422c410da12159b8fba7ab9ed0fd174e0d30a1ed125_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:47315b849e1e70f6240f310ed5b6d402f6512973bd94bb70d9138d03b790b1a8_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:8b63224e8726db24bf51a5456ef9ede17299e1d920d57a66c49be8a03d3485ed_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:9a20dbc471286e91b2687c22b692a335b287f8eaba817c0f4b6c31b42a669b94_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:b104daa98ef64f2be52d0066ca490a98ef3380a4516038711972be8c01a16571_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:0b65799b577e98beaa59b850028bbfc2d2b112465d1661cd6ab90fb0dd296695_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:116d10699e27737b256b1ccd035c65334696553d107c1002eb85be69aec4c65a_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:78bb5cce2e05156b39a961747174a819c945298fb2f444ef321de6f2bbd5ac5b_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:9b3fd70beaca874656c8e051fa6b3f04b8cbc99e61278a953832637c8c0fb18a_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:0997e7c2515f817d857c9c3dc157f7adec41553adfc3a22913bd65c90b1c9924_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:bac6445179c1c27314e958b41b3d67b1d34dcb05ac9a360a8fe297ab631d64f7_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:d55d0744741b5fcd00107cc2a443dec11696a5daa453a4d992f1e15c3f4708b2_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:dec36413a14d42948aa73339aaba4e5b22f38ddc364436c66ab9d1a8aac465b3_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1074bbb8a68b75e8c8635bc622bf059cf0ae5bf582d48af31eca9bfc4f4787e8_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1d1f1078e7a5d916a6df61d83b6c38512a4f1e6ca71d91212fd539aa3be4d8ed_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:c8fd574a2ddb034be88d78b49ae22de5fea68679c0a9f1f3e24583ef118fb532_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:f1abc733921423176ccd6bc3b31093c151b84bdfa9a82b1f640a540edbfbf358_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:0bdf70b361111ad28cc4c5a38a52fb7557a7256c45d31b9c187fba4213c1080d_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:20537bc868859605ba1a227b8ffaa4523c03b67093e71e910d8cb3b8fbe0392d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:6481c675623cee9bcabd4a1c3a04d169c46e103c944af5ef69a75fc9bd69dfb8_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:e474929fa188b73d80eee028cd51e54f07157e587071cf60109f4398ea4dce30_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:3cbb5b8c06d7911476e411419ff88a02126e0a6f4f514247e112afc9f939c80f_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:433143f26cf3ebbc1e6492d8e6b96a0fe82dbb46a54859e9a10fef1e5f71842d_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:c7b4a67cf4b2a1fece30e67d57c67d850d6f9866cf6fc39206b4ca09956e4deb_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:f1d3f1a1c0396fa4f3b5496af6a6d2dfc231c8d8bc453774b2c4319bfd00b96e_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:7686b10f4f4091c5e56ce58c6c12f6cff0b7d5fd526fd606e92abf75eb6b13c2_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:c20cc51275c70431b1e730ca48a82942c5385bba90aeb514e01fd3e142c158d0_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:df33172c1cb33952183c80ab0f86c5f414a5103b9eb0757f744103678a6992ff_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:e0c6a368dc6da0906c102aa3587b297e7fe4d4072b5b019a2f3e1a0d54c8053b_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:5596feea40bd5eaf4e97a7eb33c4e7069e802fc921e1fa5fd65b7db9ff99637f_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:b4bf1128add34cd02dbb769b2445af2491cb1fe3b23d8aaecdff3044ecb889be_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:ce70350c29cfb97ebfa8f0782b6c193c1693704cc184c039329df915aeeaaaa2_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:f700beaf7b8466e958876ea71762439e9b7224f34f066a72e3454b7ab450e0cb_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:05a079835148d3cb9357e0c911ba78646748c4373b4f39cb995fc6f6a1d35315_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:43e267abfa4d52a2fb3677406ee8c7a44cb7ddecb94fe13b852546eb4a8c2b99_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:b8ad28fb112c9f076499050ed7f27e1fce701bbc9cf3c1835c113a6a0bd9e915_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:e34860aa425dc582c6e2214d5762a31e84f62d905469b3f130fc3980a03c36b1_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8a3978970e82e80c57d44ef3187049eaf58b715460442363a239bf023db64791_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:bc8fc8ba010f7e49b2c9a1b8994d6de05650f8028b2c6dbb0db3e721ed53cdef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69223"
},
{
"category": "external",
"summary": "RHBZ#2427456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427456"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69223",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69223"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69223",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69223"
},
{
"category": "external",
"summary": "https://github.com/aio-libs/aiohttp/commit/2b920c39002cee0ec5b402581779bbaaf7c9138a",
"url": "https://github.com/aio-libs/aiohttp/commit/2b920c39002cee0ec5b402581779bbaaf7c9138a"
},
{
"category": "external",
"summary": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6mq8-rvhq-8wgg",
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6mq8-rvhq-8wgg"
}
],
"release_date": "2026-01-05T22:00:17.715000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T22:34:16+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5#Upgrading",
"product_ids": [
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:2f9ec28f18893b516b9dadcce88a8efaa908e916305f7b802f250c2283c37cb5_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:3e61238b7400447dfd7999d053e7f701d7c84d62e4a0ef29950c39f3843fb467_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:9bbe1c621a8ee4c960e945c0f1a57c89654314435ea00083abbeb390991c62bb_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:c3451ed3202ea6b8328f1cacd4fe0205df1fa0d3eec3a960873ec493e9d49d67_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:0682e9e4bc9ad2b2b564fa2fa8b022e46729b27e26ec7b14ed2f1fae3e52a0d1_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:2f25f26750ceac18fd9c059eb3f11cc400dc0160d9ca78eded86af360c81d201_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:360d270a9167d79e297b050093209bcc9e0d854045b9ba116192073ce44c662c_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:7d75c8ac498141ba26b4a927dbc4b4426a566da5ba09d4e0017fbf715bd05b27_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6308"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:0f8839e5aee29a659fc87dbe1974d52807b02232b12bfae0a9ee75f72f6822d8_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:cbed194c572c59551a2b73e61d8c3821df77d5a9ca7d2275062c439996a24eb4_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:f501719d54fc49e168385702bb0e1d8432b65f129a56a8fe184557a715956196_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:fe250f135f03aecf8489c1cee9721b9e48549e19d5a609a3d3284fe7d758a34d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:6fd7c632b981a1b0593c6af234c4b40d1046eabebe41ce29f75e1e010e92226a_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:b8d2a7da8627fa6a020330453c9fee31ba37a8eddd2d014fafa5bf3ed838fb5e_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:c264a07ccc7020902897cc9420a76dc590431596fc74696b57e42c2cc658a3f7_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:de9acb254c64d4b5f060867ac81c3c7b92da197bd62914705f47f81c719000f9_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:299e584db6227b51630ff777864b19113e8a1ea8100aa5c1bde092f730f35911_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:3aae092b74e73969f4328e406f804297e44130fea3232db3403db98463e42d9c_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:b77247eccd37c9bc29631142605c6fab3af9d23ebf82b43f049664e44193d377_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:f1eb81b968bdee5bbfa48e25718ac574bdda09c2acf726d9f058e0643585d59d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:009336407c386ffb1f5f1bdb7a38256e73b8b2ec97036f8ab84e7293f517ef8e_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:82e4da659d4bbf036bafee5f598602ec32b7b5f8d3d595287dcf418288bf2147_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:8ee6e0938cc2189984009da95ebd6fb4f5946cf9e1f7ef7aae8d6f40dfc7ab36_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:90d90e31d0afe833778743baf4eb3527402a65c30fdcce149ff8d4820faa3781_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:34bfde79221d2f824177f72d68a877b63bfe88b1f0562741a2dc212f83cb4e62_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c25356366526086b2e85274793b8e9dadf1a04d35515087d4421c74bb9b4bacf_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c5923a2649845cc20cdc2d015442d8007e9e0f77522d652d8af389437681c4ed_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:d91f808a230d11c3b998cbd703fd8fd043188164f61962b5518cda91ad19712b_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:0d79e8c5f3f36c290006c0adbe7c14f57bad10566017f005ae4073905b170136_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:57bf7919da3de08961e4c151b08dab1c756353a4040d0dd66feb72fcfe1cc8ce_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:6d0a4b9c41713e592707a1b93d48f197977bf9eb05aa5e87a083976720061cbb_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:c6d21fc02716334ab7f6c48ba7d102965d197209c5a9fd3b41a6ea65b5da0055_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:48f4971662ddb841e25bb610f72ef5f37eddf482b117786595d80d0931448236_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:6ec99dbde70c05dc5fbd64f81779f75ca8a131c0d3865f1be318a4cd8152ed33_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:783723cc28521153aef6aeaee7786f8bb87e01ef738b90b8b5fb2f2b2fb6c780_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:7c13d95770002e16dbd5dc86ea82f6fc5e70828582b928d9e3388ecded90b67a_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:7188e3f507cdaa346ed930c158379a67104dbdc74535a2b5a541cea60c03a123_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:85c083ae0b2493347cbf1e5885ad56335b1799e545f136118cfe597f39f3df6e_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:c5079720f6ea2ab7fb6b1acc6fa0c3c5087d91507c2fb21bb5b4ebc57953b4cf_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:f250376b2a72ff2e0bd866bbd8142c5e071218351ad62c52cd7b7a6f3baab026_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:0a10e9afd9c3d555a36db84f938973f14fb099164b1ba5068f9e5a9cfec51f01_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:1fcab1dccdd7ab7976ac0a57fad193d9411aecdc82cc24752378589978ab3c83_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:21636d382f0a42b7d87d3b1f4ee53bf73e589bb549750d279ca21f96517d7a3d_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:ac48a386cf9175fa667538475607d8d7444e2d21e77bea8ce8d3bf291c59d4a0_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:0e5a121065f55cb7381d74794dd44b02a564195bca3bdfd9d9a10905fd0995a6_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:3838ae2045ed11b4bfe2c86675a5bebe4f51971d30322af3721969e3e2fca06f_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a23c10d8ea852924e8c89a80cb561b2ed9dbacb13257401181b9b13ddf6786ee_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a592586194e5234cfcc2d783f876713771ac489c530205e87053a60b1dd90e04_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:268a35d7a2bb13547826ec27291d5b48b2abe1d530b49a6085fcdde9410b61f8_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:985cf2d3da53a542a87d98e4b698f53cf9b99e1a09e86b206f42c96833c2b35c_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:9cda51df51a24542cd1cd9cd4c072389340d0e678d82236d38c64568cf5d552d_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:fe9512b0361734dcaa41b19c4f02b36ec45896ff911dd44a9e821fdd60d30374_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:17c4c5a579c802fc9a4ee935ad723f65c63aa63ce3b5e4a91705c12ec59feca6_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:3b3a79cebad3f9230b476752c3a6dc29b3d5179d0a3fcf90707eaf14da11ae84_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:a28642cbd593dcdd8673c4bdac30da6eafba29e8abc4ddeaa12369177b5052c7_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:bd47ed866c9bee7c22e7fafcb959df87f64abdbea9f38603a377216f99be3b43_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:1254e449d313f5f663d056097b9cddbcd7fce91c7a6448b1d4f57c622d9556b3_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:8523ece411bf1842b9309abc7dea7067a26a0efd6cb0510449a6573df820a45c_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:bde426912de4c15616e3b71408f4760fd12172dc97ce15d5511d0094784643eb_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:c87feb6c292b8f95cc840237e3a498eaa3198447f11bb3dd652818e1128bf4a4_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:6547c593ea515750150478d442e17f113fb76ec611f6d7c2ff62223e1742a083_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:d6fe585bac62fd646127894dcb9bf55462daf60a22c8721ee44658fbdd3e99a6_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:e8c26f06cca6450dc68a6160a6d1ababdf0992ed9000f27dea5177b813671653_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:eab05f26b14dd06d7e4f5580a873d8bdb18317abf1e82300da089cba5129bdb4_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:049878acbb0f6297eae90180b88b011d00e954285d3197e2c19bc17e82f67523_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:6624a8e702ff2bc3f07b63a8fec42034c48b41bb187818fd4f2dd8a8f60766cb_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:b829b37753a3d14aebf4d114973f843dfc6e4706cf2375408bab8950ab15d2ff_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:c41ad877f30bc37bd9fe8422c410da12159b8fba7ab9ed0fd174e0d30a1ed125_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:47315b849e1e70f6240f310ed5b6d402f6512973bd94bb70d9138d03b790b1a8_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:8b63224e8726db24bf51a5456ef9ede17299e1d920d57a66c49be8a03d3485ed_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:9a20dbc471286e91b2687c22b692a335b287f8eaba817c0f4b6c31b42a669b94_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:b104daa98ef64f2be52d0066ca490a98ef3380a4516038711972be8c01a16571_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:0b65799b577e98beaa59b850028bbfc2d2b112465d1661cd6ab90fb0dd296695_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:116d10699e27737b256b1ccd035c65334696553d107c1002eb85be69aec4c65a_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:78bb5cce2e05156b39a961747174a819c945298fb2f444ef321de6f2bbd5ac5b_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:9b3fd70beaca874656c8e051fa6b3f04b8cbc99e61278a953832637c8c0fb18a_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:0997e7c2515f817d857c9c3dc157f7adec41553adfc3a22913bd65c90b1c9924_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:bac6445179c1c27314e958b41b3d67b1d34dcb05ac9a360a8fe297ab631d64f7_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:d55d0744741b5fcd00107cc2a443dec11696a5daa453a4d992f1e15c3f4708b2_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:dec36413a14d42948aa73339aaba4e5b22f38ddc364436c66ab9d1a8aac465b3_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1074bbb8a68b75e8c8635bc622bf059cf0ae5bf582d48af31eca9bfc4f4787e8_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1d1f1078e7a5d916a6df61d83b6c38512a4f1e6ca71d91212fd539aa3be4d8ed_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:c8fd574a2ddb034be88d78b49ae22de5fea68679c0a9f1f3e24583ef118fb532_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:f1abc733921423176ccd6bc3b31093c151b84bdfa9a82b1f640a540edbfbf358_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:0bdf70b361111ad28cc4c5a38a52fb7557a7256c45d31b9c187fba4213c1080d_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:20537bc868859605ba1a227b8ffaa4523c03b67093e71e910d8cb3b8fbe0392d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:6481c675623cee9bcabd4a1c3a04d169c46e103c944af5ef69a75fc9bd69dfb8_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:e474929fa188b73d80eee028cd51e54f07157e587071cf60109f4398ea4dce30_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:2f9ec28f18893b516b9dadcce88a8efaa908e916305f7b802f250c2283c37cb5_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:3e61238b7400447dfd7999d053e7f701d7c84d62e4a0ef29950c39f3843fb467_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:9bbe1c621a8ee4c960e945c0f1a57c89654314435ea00083abbeb390991c62bb_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:c3451ed3202ea6b8328f1cacd4fe0205df1fa0d3eec3a960873ec493e9d49d67_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:3cbb5b8c06d7911476e411419ff88a02126e0a6f4f514247e112afc9f939c80f_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:433143f26cf3ebbc1e6492d8e6b96a0fe82dbb46a54859e9a10fef1e5f71842d_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:c7b4a67cf4b2a1fece30e67d57c67d850d6f9866cf6fc39206b4ca09956e4deb_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:f1d3f1a1c0396fa4f3b5496af6a6d2dfc231c8d8bc453774b2c4319bfd00b96e_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:0682e9e4bc9ad2b2b564fa2fa8b022e46729b27e26ec7b14ed2f1fae3e52a0d1_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:2f25f26750ceac18fd9c059eb3f11cc400dc0160d9ca78eded86af360c81d201_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:360d270a9167d79e297b050093209bcc9e0d854045b9ba116192073ce44c662c_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:7d75c8ac498141ba26b4a927dbc4b4426a566da5ba09d4e0017fbf715bd05b27_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:7686b10f4f4091c5e56ce58c6c12f6cff0b7d5fd526fd606e92abf75eb6b13c2_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:c20cc51275c70431b1e730ca48a82942c5385bba90aeb514e01fd3e142c158d0_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:df33172c1cb33952183c80ab0f86c5f414a5103b9eb0757f744103678a6992ff_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:e0c6a368dc6da0906c102aa3587b297e7fe4d4072b5b019a2f3e1a0d54c8053b_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:5596feea40bd5eaf4e97a7eb33c4e7069e802fc921e1fa5fd65b7db9ff99637f_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:b4bf1128add34cd02dbb769b2445af2491cb1fe3b23d8aaecdff3044ecb889be_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:ce70350c29cfb97ebfa8f0782b6c193c1693704cc184c039329df915aeeaaaa2_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:f700beaf7b8466e958876ea71762439e9b7224f34f066a72e3454b7ab450e0cb_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:05a079835148d3cb9357e0c911ba78646748c4373b4f39cb995fc6f6a1d35315_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:43e267abfa4d52a2fb3677406ee8c7a44cb7ddecb94fe13b852546eb4a8c2b99_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:b8ad28fb112c9f076499050ed7f27e1fce701bbc9cf3c1835c113a6a0bd9e915_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:e34860aa425dc582c6e2214d5762a31e84f62d905469b3f130fc3980a03c36b1_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8a3978970e82e80c57d44ef3187049eaf58b715460442363a239bf023db64791_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:bc8fc8ba010f7e49b2c9a1b8994d6de05650f8028b2c6dbb0db3e721ed53cdef_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:0f8839e5aee29a659fc87dbe1974d52807b02232b12bfae0a9ee75f72f6822d8_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:cbed194c572c59551a2b73e61d8c3821df77d5a9ca7d2275062c439996a24eb4_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:f501719d54fc49e168385702bb0e1d8432b65f129a56a8fe184557a715956196_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:fe250f135f03aecf8489c1cee9721b9e48549e19d5a609a3d3284fe7d758a34d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:6fd7c632b981a1b0593c6af234c4b40d1046eabebe41ce29f75e1e010e92226a_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:b8d2a7da8627fa6a020330453c9fee31ba37a8eddd2d014fafa5bf3ed838fb5e_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:c264a07ccc7020902897cc9420a76dc590431596fc74696b57e42c2cc658a3f7_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:de9acb254c64d4b5f060867ac81c3c7b92da197bd62914705f47f81c719000f9_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:299e584db6227b51630ff777864b19113e8a1ea8100aa5c1bde092f730f35911_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:3aae092b74e73969f4328e406f804297e44130fea3232db3403db98463e42d9c_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:b77247eccd37c9bc29631142605c6fab3af9d23ebf82b43f049664e44193d377_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:f1eb81b968bdee5bbfa48e25718ac574bdda09c2acf726d9f058e0643585d59d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:009336407c386ffb1f5f1bdb7a38256e73b8b2ec97036f8ab84e7293f517ef8e_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:82e4da659d4bbf036bafee5f598602ec32b7b5f8d3d595287dcf418288bf2147_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:8ee6e0938cc2189984009da95ebd6fb4f5946cf9e1f7ef7aae8d6f40dfc7ab36_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:90d90e31d0afe833778743baf4eb3527402a65c30fdcce149ff8d4820faa3781_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:34bfde79221d2f824177f72d68a877b63bfe88b1f0562741a2dc212f83cb4e62_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c25356366526086b2e85274793b8e9dadf1a04d35515087d4421c74bb9b4bacf_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c5923a2649845cc20cdc2d015442d8007e9e0f77522d652d8af389437681c4ed_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:d91f808a230d11c3b998cbd703fd8fd043188164f61962b5518cda91ad19712b_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:0d79e8c5f3f36c290006c0adbe7c14f57bad10566017f005ae4073905b170136_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:57bf7919da3de08961e4c151b08dab1c756353a4040d0dd66feb72fcfe1cc8ce_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:6d0a4b9c41713e592707a1b93d48f197977bf9eb05aa5e87a083976720061cbb_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:c6d21fc02716334ab7f6c48ba7d102965d197209c5a9fd3b41a6ea65b5da0055_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:48f4971662ddb841e25bb610f72ef5f37eddf482b117786595d80d0931448236_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:6ec99dbde70c05dc5fbd64f81779f75ca8a131c0d3865f1be318a4cd8152ed33_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:783723cc28521153aef6aeaee7786f8bb87e01ef738b90b8b5fb2f2b2fb6c780_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:7c13d95770002e16dbd5dc86ea82f6fc5e70828582b928d9e3388ecded90b67a_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:7188e3f507cdaa346ed930c158379a67104dbdc74535a2b5a541cea60c03a123_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:85c083ae0b2493347cbf1e5885ad56335b1799e545f136118cfe597f39f3df6e_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:c5079720f6ea2ab7fb6b1acc6fa0c3c5087d91507c2fb21bb5b4ebc57953b4cf_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:f250376b2a72ff2e0bd866bbd8142c5e071218351ad62c52cd7b7a6f3baab026_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:0a10e9afd9c3d555a36db84f938973f14fb099164b1ba5068f9e5a9cfec51f01_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:1fcab1dccdd7ab7976ac0a57fad193d9411aecdc82cc24752378589978ab3c83_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:21636d382f0a42b7d87d3b1f4ee53bf73e589bb549750d279ca21f96517d7a3d_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:ac48a386cf9175fa667538475607d8d7444e2d21e77bea8ce8d3bf291c59d4a0_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:0e5a121065f55cb7381d74794dd44b02a564195bca3bdfd9d9a10905fd0995a6_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:3838ae2045ed11b4bfe2c86675a5bebe4f51971d30322af3721969e3e2fca06f_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a23c10d8ea852924e8c89a80cb561b2ed9dbacb13257401181b9b13ddf6786ee_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a592586194e5234cfcc2d783f876713771ac489c530205e87053a60b1dd90e04_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:268a35d7a2bb13547826ec27291d5b48b2abe1d530b49a6085fcdde9410b61f8_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:985cf2d3da53a542a87d98e4b698f53cf9b99e1a09e86b206f42c96833c2b35c_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:9cda51df51a24542cd1cd9cd4c072389340d0e678d82236d38c64568cf5d552d_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:fe9512b0361734dcaa41b19c4f02b36ec45896ff911dd44a9e821fdd60d30374_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:17c4c5a579c802fc9a4ee935ad723f65c63aa63ce3b5e4a91705c12ec59feca6_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:3b3a79cebad3f9230b476752c3a6dc29b3d5179d0a3fcf90707eaf14da11ae84_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:a28642cbd593dcdd8673c4bdac30da6eafba29e8abc4ddeaa12369177b5052c7_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:bd47ed866c9bee7c22e7fafcb959df87f64abdbea9f38603a377216f99be3b43_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:1254e449d313f5f663d056097b9cddbcd7fce91c7a6448b1d4f57c622d9556b3_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:8523ece411bf1842b9309abc7dea7067a26a0efd6cb0510449a6573df820a45c_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:bde426912de4c15616e3b71408f4760fd12172dc97ce15d5511d0094784643eb_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:c87feb6c292b8f95cc840237e3a498eaa3198447f11bb3dd652818e1128bf4a4_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:6547c593ea515750150478d442e17f113fb76ec611f6d7c2ff62223e1742a083_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:d6fe585bac62fd646127894dcb9bf55462daf60a22c8721ee44658fbdd3e99a6_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:e8c26f06cca6450dc68a6160a6d1ababdf0992ed9000f27dea5177b813671653_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:eab05f26b14dd06d7e4f5580a873d8bdb18317abf1e82300da089cba5129bdb4_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:049878acbb0f6297eae90180b88b011d00e954285d3197e2c19bc17e82f67523_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:6624a8e702ff2bc3f07b63a8fec42034c48b41bb187818fd4f2dd8a8f60766cb_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:b829b37753a3d14aebf4d114973f843dfc6e4706cf2375408bab8950ab15d2ff_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:c41ad877f30bc37bd9fe8422c410da12159b8fba7ab9ed0fd174e0d30a1ed125_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:47315b849e1e70f6240f310ed5b6d402f6512973bd94bb70d9138d03b790b1a8_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:8b63224e8726db24bf51a5456ef9ede17299e1d920d57a66c49be8a03d3485ed_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:9a20dbc471286e91b2687c22b692a335b287f8eaba817c0f4b6c31b42a669b94_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:b104daa98ef64f2be52d0066ca490a98ef3380a4516038711972be8c01a16571_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:0b65799b577e98beaa59b850028bbfc2d2b112465d1661cd6ab90fb0dd296695_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:116d10699e27737b256b1ccd035c65334696553d107c1002eb85be69aec4c65a_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:78bb5cce2e05156b39a961747174a819c945298fb2f444ef321de6f2bbd5ac5b_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:9b3fd70beaca874656c8e051fa6b3f04b8cbc99e61278a953832637c8c0fb18a_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:0997e7c2515f817d857c9c3dc157f7adec41553adfc3a22913bd65c90b1c9924_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:bac6445179c1c27314e958b41b3d67b1d34dcb05ac9a360a8fe297ab631d64f7_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:d55d0744741b5fcd00107cc2a443dec11696a5daa453a4d992f1e15c3f4708b2_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:dec36413a14d42948aa73339aaba4e5b22f38ddc364436c66ab9d1a8aac465b3_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1074bbb8a68b75e8c8635bc622bf059cf0ae5bf582d48af31eca9bfc4f4787e8_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1d1f1078e7a5d916a6df61d83b6c38512a4f1e6ca71d91212fd539aa3be4d8ed_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:c8fd574a2ddb034be88d78b49ae22de5fea68679c0a9f1f3e24583ef118fb532_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:f1abc733921423176ccd6bc3b31093c151b84bdfa9a82b1f640a540edbfbf358_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:0bdf70b361111ad28cc4c5a38a52fb7557a7256c45d31b9c187fba4213c1080d_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:20537bc868859605ba1a227b8ffaa4523c03b67093e71e910d8cb3b8fbe0392d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:6481c675623cee9bcabd4a1c3a04d169c46e103c944af5ef69a75fc9bd69dfb8_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:e474929fa188b73d80eee028cd51e54f07157e587071cf60109f4398ea4dce30_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:2f9ec28f18893b516b9dadcce88a8efaa908e916305f7b802f250c2283c37cb5_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:3e61238b7400447dfd7999d053e7f701d7c84d62e4a0ef29950c39f3843fb467_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:9bbe1c621a8ee4c960e945c0f1a57c89654314435ea00083abbeb390991c62bb_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:c3451ed3202ea6b8328f1cacd4fe0205df1fa0d3eec3a960873ec493e9d49d67_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:3cbb5b8c06d7911476e411419ff88a02126e0a6f4f514247e112afc9f939c80f_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:433143f26cf3ebbc1e6492d8e6b96a0fe82dbb46a54859e9a10fef1e5f71842d_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:c7b4a67cf4b2a1fece30e67d57c67d850d6f9866cf6fc39206b4ca09956e4deb_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:f1d3f1a1c0396fa4f3b5496af6a6d2dfc231c8d8bc453774b2c4319bfd00b96e_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:0682e9e4bc9ad2b2b564fa2fa8b022e46729b27e26ec7b14ed2f1fae3e52a0d1_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:2f25f26750ceac18fd9c059eb3f11cc400dc0160d9ca78eded86af360c81d201_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:360d270a9167d79e297b050093209bcc9e0d854045b9ba116192073ce44c662c_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:7d75c8ac498141ba26b4a927dbc4b4426a566da5ba09d4e0017fbf715bd05b27_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:7686b10f4f4091c5e56ce58c6c12f6cff0b7d5fd526fd606e92abf75eb6b13c2_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:c20cc51275c70431b1e730ca48a82942c5385bba90aeb514e01fd3e142c158d0_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:df33172c1cb33952183c80ab0f86c5f414a5103b9eb0757f744103678a6992ff_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:e0c6a368dc6da0906c102aa3587b297e7fe4d4072b5b019a2f3e1a0d54c8053b_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:5596feea40bd5eaf4e97a7eb33c4e7069e802fc921e1fa5fd65b7db9ff99637f_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:b4bf1128add34cd02dbb769b2445af2491cb1fe3b23d8aaecdff3044ecb889be_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:ce70350c29cfb97ebfa8f0782b6c193c1693704cc184c039329df915aeeaaaa2_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:f700beaf7b8466e958876ea71762439e9b7224f34f066a72e3454b7ab450e0cb_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:05a079835148d3cb9357e0c911ba78646748c4373b4f39cb995fc6f6a1d35315_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:43e267abfa4d52a2fb3677406ee8c7a44cb7ddecb94fe13b852546eb4a8c2b99_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:b8ad28fb112c9f076499050ed7f27e1fce701bbc9cf3c1835c113a6a0bd9e915_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:e34860aa425dc582c6e2214d5762a31e84f62d905469b3f130fc3980a03c36b1_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8a3978970e82e80c57d44ef3187049eaf58b715460442363a239bf023db64791_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:bc8fc8ba010f7e49b2c9a1b8994d6de05650f8028b2c6dbb0db3e721ed53cdef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "aiohttp: AIOHTTP\u0027s HTTP Parser auto_decompress feature is vulnerable to zip bomb"
},
{
"cve": "CVE-2026-1615",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2026-02-09T11:10:57.572082+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:0f8839e5aee29a659fc87dbe1974d52807b02232b12bfae0a9ee75f72f6822d8_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:cbed194c572c59551a2b73e61d8c3821df77d5a9ca7d2275062c439996a24eb4_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:f501719d54fc49e168385702bb0e1d8432b65f129a56a8fe184557a715956196_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:fe250f135f03aecf8489c1cee9721b9e48549e19d5a609a3d3284fe7d758a34d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:6fd7c632b981a1b0593c6af234c4b40d1046eabebe41ce29f75e1e010e92226a_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:b8d2a7da8627fa6a020330453c9fee31ba37a8eddd2d014fafa5bf3ed838fb5e_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:c264a07ccc7020902897cc9420a76dc590431596fc74696b57e42c2cc658a3f7_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:de9acb254c64d4b5f060867ac81c3c7b92da197bd62914705f47f81c719000f9_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:299e584db6227b51630ff777864b19113e8a1ea8100aa5c1bde092f730f35911_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:3aae092b74e73969f4328e406f804297e44130fea3232db3403db98463e42d9c_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:b77247eccd37c9bc29631142605c6fab3af9d23ebf82b43f049664e44193d377_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:f1eb81b968bdee5bbfa48e25718ac574bdda09c2acf726d9f058e0643585d59d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:009336407c386ffb1f5f1bdb7a38256e73b8b2ec97036f8ab84e7293f517ef8e_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:82e4da659d4bbf036bafee5f598602ec32b7b5f8d3d595287dcf418288bf2147_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:8ee6e0938cc2189984009da95ebd6fb4f5946cf9e1f7ef7aae8d6f40dfc7ab36_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:90d90e31d0afe833778743baf4eb3527402a65c30fdcce149ff8d4820faa3781_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:34bfde79221d2f824177f72d68a877b63bfe88b1f0562741a2dc212f83cb4e62_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c25356366526086b2e85274793b8e9dadf1a04d35515087d4421c74bb9b4bacf_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c5923a2649845cc20cdc2d015442d8007e9e0f77522d652d8af389437681c4ed_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:d91f808a230d11c3b998cbd703fd8fd043188164f61962b5518cda91ad19712b_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:0d79e8c5f3f36c290006c0adbe7c14f57bad10566017f005ae4073905b170136_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:57bf7919da3de08961e4c151b08dab1c756353a4040d0dd66feb72fcfe1cc8ce_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:6d0a4b9c41713e592707a1b93d48f197977bf9eb05aa5e87a083976720061cbb_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:c6d21fc02716334ab7f6c48ba7d102965d197209c5a9fd3b41a6ea65b5da0055_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:48f4971662ddb841e25bb610f72ef5f37eddf482b117786595d80d0931448236_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:6ec99dbde70c05dc5fbd64f81779f75ca8a131c0d3865f1be318a4cd8152ed33_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:783723cc28521153aef6aeaee7786f8bb87e01ef738b90b8b5fb2f2b2fb6c780_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:7c13d95770002e16dbd5dc86ea82f6fc5e70828582b928d9e3388ecded90b67a_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:7188e3f507cdaa346ed930c158379a67104dbdc74535a2b5a541cea60c03a123_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:85c083ae0b2493347cbf1e5885ad56335b1799e545f136118cfe597f39f3df6e_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:c5079720f6ea2ab7fb6b1acc6fa0c3c5087d91507c2fb21bb5b4ebc57953b4cf_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:f250376b2a72ff2e0bd866bbd8142c5e071218351ad62c52cd7b7a6f3baab026_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:0a10e9afd9c3d555a36db84f938973f14fb099164b1ba5068f9e5a9cfec51f01_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:1fcab1dccdd7ab7976ac0a57fad193d9411aecdc82cc24752378589978ab3c83_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:21636d382f0a42b7d87d3b1f4ee53bf73e589bb549750d279ca21f96517d7a3d_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:ac48a386cf9175fa667538475607d8d7444e2d21e77bea8ce8d3bf291c59d4a0_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:0e5a121065f55cb7381d74794dd44b02a564195bca3bdfd9d9a10905fd0995a6_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:3838ae2045ed11b4bfe2c86675a5bebe4f51971d30322af3721969e3e2fca06f_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a23c10d8ea852924e8c89a80cb561b2ed9dbacb13257401181b9b13ddf6786ee_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a592586194e5234cfcc2d783f876713771ac489c530205e87053a60b1dd90e04_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:268a35d7a2bb13547826ec27291d5b48b2abe1d530b49a6085fcdde9410b61f8_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:985cf2d3da53a542a87d98e4b698f53cf9b99e1a09e86b206f42c96833c2b35c_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:9cda51df51a24542cd1cd9cd4c072389340d0e678d82236d38c64568cf5d552d_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:fe9512b0361734dcaa41b19c4f02b36ec45896ff911dd44a9e821fdd60d30374_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:17c4c5a579c802fc9a4ee935ad723f65c63aa63ce3b5e4a91705c12ec59feca6_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:3b3a79cebad3f9230b476752c3a6dc29b3d5179d0a3fcf90707eaf14da11ae84_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:a28642cbd593dcdd8673c4bdac30da6eafba29e8abc4ddeaa12369177b5052c7_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:bd47ed866c9bee7c22e7fafcb959df87f64abdbea9f38603a377216f99be3b43_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:1254e449d313f5f663d056097b9cddbcd7fce91c7a6448b1d4f57c622d9556b3_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:8523ece411bf1842b9309abc7dea7067a26a0efd6cb0510449a6573df820a45c_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:bde426912de4c15616e3b71408f4760fd12172dc97ce15d5511d0094784643eb_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:c87feb6c292b8f95cc840237e3a498eaa3198447f11bb3dd652818e1128bf4a4_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:6547c593ea515750150478d442e17f113fb76ec611f6d7c2ff62223e1742a083_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:d6fe585bac62fd646127894dcb9bf55462daf60a22c8721ee44658fbdd3e99a6_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:e8c26f06cca6450dc68a6160a6d1ababdf0992ed9000f27dea5177b813671653_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:eab05f26b14dd06d7e4f5580a873d8bdb18317abf1e82300da089cba5129bdb4_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:049878acbb0f6297eae90180b88b011d00e954285d3197e2c19bc17e82f67523_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:6624a8e702ff2bc3f07b63a8fec42034c48b41bb187818fd4f2dd8a8f60766cb_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:b829b37753a3d14aebf4d114973f843dfc6e4706cf2375408bab8950ab15d2ff_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:c41ad877f30bc37bd9fe8422c410da12159b8fba7ab9ed0fd174e0d30a1ed125_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:47315b849e1e70f6240f310ed5b6d402f6512973bd94bb70d9138d03b790b1a8_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:8b63224e8726db24bf51a5456ef9ede17299e1d920d57a66c49be8a03d3485ed_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:9a20dbc471286e91b2687c22b692a335b287f8eaba817c0f4b6c31b42a669b94_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:b104daa98ef64f2be52d0066ca490a98ef3380a4516038711972be8c01a16571_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:0b65799b577e98beaa59b850028bbfc2d2b112465d1661cd6ab90fb0dd296695_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:116d10699e27737b256b1ccd035c65334696553d107c1002eb85be69aec4c65a_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:78bb5cce2e05156b39a961747174a819c945298fb2f444ef321de6f2bbd5ac5b_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:9b3fd70beaca874656c8e051fa6b3f04b8cbc99e61278a953832637c8c0fb18a_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:0997e7c2515f817d857c9c3dc157f7adec41553adfc3a22913bd65c90b1c9924_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:bac6445179c1c27314e958b41b3d67b1d34dcb05ac9a360a8fe297ab631d64f7_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:d55d0744741b5fcd00107cc2a443dec11696a5daa453a4d992f1e15c3f4708b2_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:dec36413a14d42948aa73339aaba4e5b22f38ddc364436c66ab9d1a8aac465b3_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1074bbb8a68b75e8c8635bc622bf059cf0ae5bf582d48af31eca9bfc4f4787e8_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1d1f1078e7a5d916a6df61d83b6c38512a4f1e6ca71d91212fd539aa3be4d8ed_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:c8fd574a2ddb034be88d78b49ae22de5fea68679c0a9f1f3e24583ef118fb532_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:f1abc733921423176ccd6bc3b31093c151b84bdfa9a82b1f640a540edbfbf358_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:0bdf70b361111ad28cc4c5a38a52fb7557a7256c45d31b9c187fba4213c1080d_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:20537bc868859605ba1a227b8ffaa4523c03b67093e71e910d8cb3b8fbe0392d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:6481c675623cee9bcabd4a1c3a04d169c46e103c944af5ef69a75fc9bd69dfb8_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:e474929fa188b73d80eee028cd51e54f07157e587071cf60109f4398ea4dce30_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:2f9ec28f18893b516b9dadcce88a8efaa908e916305f7b802f250c2283c37cb5_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:3e61238b7400447dfd7999d053e7f701d7c84d62e4a0ef29950c39f3843fb467_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:9bbe1c621a8ee4c960e945c0f1a57c89654314435ea00083abbeb390991c62bb_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:c3451ed3202ea6b8328f1cacd4fe0205df1fa0d3eec3a960873ec493e9d49d67_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:3cbb5b8c06d7911476e411419ff88a02126e0a6f4f514247e112afc9f939c80f_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:433143f26cf3ebbc1e6492d8e6b96a0fe82dbb46a54859e9a10fef1e5f71842d_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:c7b4a67cf4b2a1fece30e67d57c67d850d6f9866cf6fc39206b4ca09956e4deb_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:f1d3f1a1c0396fa4f3b5496af6a6d2dfc231c8d8bc453774b2c4319bfd00b96e_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:7686b10f4f4091c5e56ce58c6c12f6cff0b7d5fd526fd606e92abf75eb6b13c2_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:c20cc51275c70431b1e730ca48a82942c5385bba90aeb514e01fd3e142c158d0_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:df33172c1cb33952183c80ab0f86c5f414a5103b9eb0757f744103678a6992ff_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:e0c6a368dc6da0906c102aa3587b297e7fe4d4072b5b019a2f3e1a0d54c8053b_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:5596feea40bd5eaf4e97a7eb33c4e7069e802fc921e1fa5fd65b7db9ff99637f_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:b4bf1128add34cd02dbb769b2445af2491cb1fe3b23d8aaecdff3044ecb889be_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:ce70350c29cfb97ebfa8f0782b6c193c1693704cc184c039329df915aeeaaaa2_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:f700beaf7b8466e958876ea71762439e9b7224f34f066a72e3454b7ab450e0cb_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:05a079835148d3cb9357e0c911ba78646748c4373b4f39cb995fc6f6a1d35315_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:43e267abfa4d52a2fb3677406ee8c7a44cb7ddecb94fe13b852546eb4a8c2b99_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:b8ad28fb112c9f076499050ed7f27e1fce701bbc9cf3c1835c113a6a0bd9e915_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:e34860aa425dc582c6e2214d5762a31e84f62d905469b3f130fc3980a03c36b1_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8a3978970e82e80c57d44ef3187049eaf58b715460442363a239bf023db64791_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:bc8fc8ba010f7e49b2c9a1b8994d6de05650f8028b2c6dbb0db3e721ed53cdef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437875"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the jsonpath component. This vulnerability allows a remote attacker to achieve arbitrary code execution by supplying a malicious JSON Path expression. The component\u0027s reliance on the `static-eval` module for processing user-supplied input leads to unsafe evaluation. Successful exploitation can result in Remote Code Execution (RCE) in Node.js environments or Cross-site Scripting (XSS) in browser contexts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsonpath: jsonpath: Arbitrary Code Execution via unsafe JSON Path expression evaluation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security team has rated this vulnerability as Important as it may allows arbitrary code execution when processing untrusted JSON Path expressions. This can lead to Remote Code Execution in Node.js environments or Cross-site Scripting in browser contexts. In some contexts it may be possible to remotely exploit this flaw without any privileges. However, within Red Hat products the jsonpath component is used as a transitive dependency or does not directly handle user input. This context reduces exposure and criticality of this vulnerability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:0682e9e4bc9ad2b2b564fa2fa8b022e46729b27e26ec7b14ed2f1fae3e52a0d1_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:2f25f26750ceac18fd9c059eb3f11cc400dc0160d9ca78eded86af360c81d201_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:360d270a9167d79e297b050093209bcc9e0d854045b9ba116192073ce44c662c_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:7d75c8ac498141ba26b4a927dbc4b4426a566da5ba09d4e0017fbf715bd05b27_arm64"
],
"known_not_affected": [
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:0f8839e5aee29a659fc87dbe1974d52807b02232b12bfae0a9ee75f72f6822d8_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:cbed194c572c59551a2b73e61d8c3821df77d5a9ca7d2275062c439996a24eb4_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:f501719d54fc49e168385702bb0e1d8432b65f129a56a8fe184557a715956196_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:fe250f135f03aecf8489c1cee9721b9e48549e19d5a609a3d3284fe7d758a34d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:6fd7c632b981a1b0593c6af234c4b40d1046eabebe41ce29f75e1e010e92226a_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:b8d2a7da8627fa6a020330453c9fee31ba37a8eddd2d014fafa5bf3ed838fb5e_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:c264a07ccc7020902897cc9420a76dc590431596fc74696b57e42c2cc658a3f7_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:de9acb254c64d4b5f060867ac81c3c7b92da197bd62914705f47f81c719000f9_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:299e584db6227b51630ff777864b19113e8a1ea8100aa5c1bde092f730f35911_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:3aae092b74e73969f4328e406f804297e44130fea3232db3403db98463e42d9c_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:b77247eccd37c9bc29631142605c6fab3af9d23ebf82b43f049664e44193d377_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:f1eb81b968bdee5bbfa48e25718ac574bdda09c2acf726d9f058e0643585d59d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:009336407c386ffb1f5f1bdb7a38256e73b8b2ec97036f8ab84e7293f517ef8e_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:82e4da659d4bbf036bafee5f598602ec32b7b5f8d3d595287dcf418288bf2147_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:8ee6e0938cc2189984009da95ebd6fb4f5946cf9e1f7ef7aae8d6f40dfc7ab36_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:90d90e31d0afe833778743baf4eb3527402a65c30fdcce149ff8d4820faa3781_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:34bfde79221d2f824177f72d68a877b63bfe88b1f0562741a2dc212f83cb4e62_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c25356366526086b2e85274793b8e9dadf1a04d35515087d4421c74bb9b4bacf_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c5923a2649845cc20cdc2d015442d8007e9e0f77522d652d8af389437681c4ed_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:d91f808a230d11c3b998cbd703fd8fd043188164f61962b5518cda91ad19712b_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:0d79e8c5f3f36c290006c0adbe7c14f57bad10566017f005ae4073905b170136_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:57bf7919da3de08961e4c151b08dab1c756353a4040d0dd66feb72fcfe1cc8ce_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:6d0a4b9c41713e592707a1b93d48f197977bf9eb05aa5e87a083976720061cbb_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:c6d21fc02716334ab7f6c48ba7d102965d197209c5a9fd3b41a6ea65b5da0055_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:48f4971662ddb841e25bb610f72ef5f37eddf482b117786595d80d0931448236_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:6ec99dbde70c05dc5fbd64f81779f75ca8a131c0d3865f1be318a4cd8152ed33_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:783723cc28521153aef6aeaee7786f8bb87e01ef738b90b8b5fb2f2b2fb6c780_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:7c13d95770002e16dbd5dc86ea82f6fc5e70828582b928d9e3388ecded90b67a_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:7188e3f507cdaa346ed930c158379a67104dbdc74535a2b5a541cea60c03a123_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:85c083ae0b2493347cbf1e5885ad56335b1799e545f136118cfe597f39f3df6e_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:c5079720f6ea2ab7fb6b1acc6fa0c3c5087d91507c2fb21bb5b4ebc57953b4cf_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:f250376b2a72ff2e0bd866bbd8142c5e071218351ad62c52cd7b7a6f3baab026_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:0a10e9afd9c3d555a36db84f938973f14fb099164b1ba5068f9e5a9cfec51f01_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:1fcab1dccdd7ab7976ac0a57fad193d9411aecdc82cc24752378589978ab3c83_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:21636d382f0a42b7d87d3b1f4ee53bf73e589bb549750d279ca21f96517d7a3d_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:ac48a386cf9175fa667538475607d8d7444e2d21e77bea8ce8d3bf291c59d4a0_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:0e5a121065f55cb7381d74794dd44b02a564195bca3bdfd9d9a10905fd0995a6_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:3838ae2045ed11b4bfe2c86675a5bebe4f51971d30322af3721969e3e2fca06f_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a23c10d8ea852924e8c89a80cb561b2ed9dbacb13257401181b9b13ddf6786ee_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a592586194e5234cfcc2d783f876713771ac489c530205e87053a60b1dd90e04_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:268a35d7a2bb13547826ec27291d5b48b2abe1d530b49a6085fcdde9410b61f8_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:985cf2d3da53a542a87d98e4b698f53cf9b99e1a09e86b206f42c96833c2b35c_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:9cda51df51a24542cd1cd9cd4c072389340d0e678d82236d38c64568cf5d552d_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:fe9512b0361734dcaa41b19c4f02b36ec45896ff911dd44a9e821fdd60d30374_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:17c4c5a579c802fc9a4ee935ad723f65c63aa63ce3b5e4a91705c12ec59feca6_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:3b3a79cebad3f9230b476752c3a6dc29b3d5179d0a3fcf90707eaf14da11ae84_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:a28642cbd593dcdd8673c4bdac30da6eafba29e8abc4ddeaa12369177b5052c7_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:bd47ed866c9bee7c22e7fafcb959df87f64abdbea9f38603a377216f99be3b43_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:1254e449d313f5f663d056097b9cddbcd7fce91c7a6448b1d4f57c622d9556b3_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:8523ece411bf1842b9309abc7dea7067a26a0efd6cb0510449a6573df820a45c_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:bde426912de4c15616e3b71408f4760fd12172dc97ce15d5511d0094784643eb_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:c87feb6c292b8f95cc840237e3a498eaa3198447f11bb3dd652818e1128bf4a4_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:6547c593ea515750150478d442e17f113fb76ec611f6d7c2ff62223e1742a083_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:d6fe585bac62fd646127894dcb9bf55462daf60a22c8721ee44658fbdd3e99a6_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:e8c26f06cca6450dc68a6160a6d1ababdf0992ed9000f27dea5177b813671653_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:eab05f26b14dd06d7e4f5580a873d8bdb18317abf1e82300da089cba5129bdb4_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:049878acbb0f6297eae90180b88b011d00e954285d3197e2c19bc17e82f67523_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:6624a8e702ff2bc3f07b63a8fec42034c48b41bb187818fd4f2dd8a8f60766cb_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:b829b37753a3d14aebf4d114973f843dfc6e4706cf2375408bab8950ab15d2ff_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:c41ad877f30bc37bd9fe8422c410da12159b8fba7ab9ed0fd174e0d30a1ed125_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:47315b849e1e70f6240f310ed5b6d402f6512973bd94bb70d9138d03b790b1a8_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:8b63224e8726db24bf51a5456ef9ede17299e1d920d57a66c49be8a03d3485ed_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:9a20dbc471286e91b2687c22b692a335b287f8eaba817c0f4b6c31b42a669b94_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:b104daa98ef64f2be52d0066ca490a98ef3380a4516038711972be8c01a16571_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:0b65799b577e98beaa59b850028bbfc2d2b112465d1661cd6ab90fb0dd296695_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:116d10699e27737b256b1ccd035c65334696553d107c1002eb85be69aec4c65a_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:78bb5cce2e05156b39a961747174a819c945298fb2f444ef321de6f2bbd5ac5b_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:9b3fd70beaca874656c8e051fa6b3f04b8cbc99e61278a953832637c8c0fb18a_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:0997e7c2515f817d857c9c3dc157f7adec41553adfc3a22913bd65c90b1c9924_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:bac6445179c1c27314e958b41b3d67b1d34dcb05ac9a360a8fe297ab631d64f7_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:d55d0744741b5fcd00107cc2a443dec11696a5daa453a4d992f1e15c3f4708b2_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:dec36413a14d42948aa73339aaba4e5b22f38ddc364436c66ab9d1a8aac465b3_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1074bbb8a68b75e8c8635bc622bf059cf0ae5bf582d48af31eca9bfc4f4787e8_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1d1f1078e7a5d916a6df61d83b6c38512a4f1e6ca71d91212fd539aa3be4d8ed_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:c8fd574a2ddb034be88d78b49ae22de5fea68679c0a9f1f3e24583ef118fb532_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:f1abc733921423176ccd6bc3b31093c151b84bdfa9a82b1f640a540edbfbf358_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:0bdf70b361111ad28cc4c5a38a52fb7557a7256c45d31b9c187fba4213c1080d_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:20537bc868859605ba1a227b8ffaa4523c03b67093e71e910d8cb3b8fbe0392d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:6481c675623cee9bcabd4a1c3a04d169c46e103c944af5ef69a75fc9bd69dfb8_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:e474929fa188b73d80eee028cd51e54f07157e587071cf60109f4398ea4dce30_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:2f9ec28f18893b516b9dadcce88a8efaa908e916305f7b802f250c2283c37cb5_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:3e61238b7400447dfd7999d053e7f701d7c84d62e4a0ef29950c39f3843fb467_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:9bbe1c621a8ee4c960e945c0f1a57c89654314435ea00083abbeb390991c62bb_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:c3451ed3202ea6b8328f1cacd4fe0205df1fa0d3eec3a960873ec493e9d49d67_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:3cbb5b8c06d7911476e411419ff88a02126e0a6f4f514247e112afc9f939c80f_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:433143f26cf3ebbc1e6492d8e6b96a0fe82dbb46a54859e9a10fef1e5f71842d_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:c7b4a67cf4b2a1fece30e67d57c67d850d6f9866cf6fc39206b4ca09956e4deb_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:f1d3f1a1c0396fa4f3b5496af6a6d2dfc231c8d8bc453774b2c4319bfd00b96e_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:7686b10f4f4091c5e56ce58c6c12f6cff0b7d5fd526fd606e92abf75eb6b13c2_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:c20cc51275c70431b1e730ca48a82942c5385bba90aeb514e01fd3e142c158d0_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:df33172c1cb33952183c80ab0f86c5f414a5103b9eb0757f744103678a6992ff_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:e0c6a368dc6da0906c102aa3587b297e7fe4d4072b5b019a2f3e1a0d54c8053b_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:5596feea40bd5eaf4e97a7eb33c4e7069e802fc921e1fa5fd65b7db9ff99637f_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:b4bf1128add34cd02dbb769b2445af2491cb1fe3b23d8aaecdff3044ecb889be_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:ce70350c29cfb97ebfa8f0782b6c193c1693704cc184c039329df915aeeaaaa2_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:f700beaf7b8466e958876ea71762439e9b7224f34f066a72e3454b7ab450e0cb_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:05a079835148d3cb9357e0c911ba78646748c4373b4f39cb995fc6f6a1d35315_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:43e267abfa4d52a2fb3677406ee8c7a44cb7ddecb94fe13b852546eb4a8c2b99_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:b8ad28fb112c9f076499050ed7f27e1fce701bbc9cf3c1835c113a6a0bd9e915_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:e34860aa425dc582c6e2214d5762a31e84f62d905469b3f130fc3980a03c36b1_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8a3978970e82e80c57d44ef3187049eaf58b715460442363a239bf023db64791_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:bc8fc8ba010f7e49b2c9a1b8994d6de05650f8028b2c6dbb0db3e721ed53cdef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1615"
},
{
"category": "external",
"summary": "RHBZ#2437875",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437875"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1615",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1615"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1615",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1615"
},
{
"category": "external",
"summary": "https://github.com/dchester/jsonpath/blob/c1dd8ec74034fb0375233abb5fdbec51ac317b4b/lib/handlers.js%23L243",
"url": "https://github.com/dchester/jsonpath/blob/c1dd8ec74034fb0375233abb5fdbec51ac317b4b/lib/handlers.js%23L243"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-15141219",
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-15141219"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSONPATH-13645034",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSONPATH-13645034"
}
],
"release_date": "2026-02-09T05:00:09.050000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T22:34:16+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5#Upgrading",
"product_ids": [
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:0682e9e4bc9ad2b2b564fa2fa8b022e46729b27e26ec7b14ed2f1fae3e52a0d1_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:2f25f26750ceac18fd9c059eb3f11cc400dc0160d9ca78eded86af360c81d201_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:360d270a9167d79e297b050093209bcc9e0d854045b9ba116192073ce44c662c_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:7d75c8ac498141ba26b4a927dbc4b4426a566da5ba09d4e0017fbf715bd05b27_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6308"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:0f8839e5aee29a659fc87dbe1974d52807b02232b12bfae0a9ee75f72f6822d8_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:cbed194c572c59551a2b73e61d8c3821df77d5a9ca7d2275062c439996a24eb4_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:f501719d54fc49e168385702bb0e1d8432b65f129a56a8fe184557a715956196_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:fe250f135f03aecf8489c1cee9721b9e48549e19d5a609a3d3284fe7d758a34d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:6fd7c632b981a1b0593c6af234c4b40d1046eabebe41ce29f75e1e010e92226a_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:b8d2a7da8627fa6a020330453c9fee31ba37a8eddd2d014fafa5bf3ed838fb5e_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:c264a07ccc7020902897cc9420a76dc590431596fc74696b57e42c2cc658a3f7_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:de9acb254c64d4b5f060867ac81c3c7b92da197bd62914705f47f81c719000f9_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:299e584db6227b51630ff777864b19113e8a1ea8100aa5c1bde092f730f35911_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:3aae092b74e73969f4328e406f804297e44130fea3232db3403db98463e42d9c_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:b77247eccd37c9bc29631142605c6fab3af9d23ebf82b43f049664e44193d377_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:f1eb81b968bdee5bbfa48e25718ac574bdda09c2acf726d9f058e0643585d59d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:009336407c386ffb1f5f1bdb7a38256e73b8b2ec97036f8ab84e7293f517ef8e_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:82e4da659d4bbf036bafee5f598602ec32b7b5f8d3d595287dcf418288bf2147_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:8ee6e0938cc2189984009da95ebd6fb4f5946cf9e1f7ef7aae8d6f40dfc7ab36_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:90d90e31d0afe833778743baf4eb3527402a65c30fdcce149ff8d4820faa3781_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:34bfde79221d2f824177f72d68a877b63bfe88b1f0562741a2dc212f83cb4e62_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c25356366526086b2e85274793b8e9dadf1a04d35515087d4421c74bb9b4bacf_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c5923a2649845cc20cdc2d015442d8007e9e0f77522d652d8af389437681c4ed_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:d91f808a230d11c3b998cbd703fd8fd043188164f61962b5518cda91ad19712b_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:0d79e8c5f3f36c290006c0adbe7c14f57bad10566017f005ae4073905b170136_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:57bf7919da3de08961e4c151b08dab1c756353a4040d0dd66feb72fcfe1cc8ce_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:6d0a4b9c41713e592707a1b93d48f197977bf9eb05aa5e87a083976720061cbb_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:c6d21fc02716334ab7f6c48ba7d102965d197209c5a9fd3b41a6ea65b5da0055_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:48f4971662ddb841e25bb610f72ef5f37eddf482b117786595d80d0931448236_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:6ec99dbde70c05dc5fbd64f81779f75ca8a131c0d3865f1be318a4cd8152ed33_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:783723cc28521153aef6aeaee7786f8bb87e01ef738b90b8b5fb2f2b2fb6c780_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:7c13d95770002e16dbd5dc86ea82f6fc5e70828582b928d9e3388ecded90b67a_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:7188e3f507cdaa346ed930c158379a67104dbdc74535a2b5a541cea60c03a123_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:85c083ae0b2493347cbf1e5885ad56335b1799e545f136118cfe597f39f3df6e_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:c5079720f6ea2ab7fb6b1acc6fa0c3c5087d91507c2fb21bb5b4ebc57953b4cf_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:f250376b2a72ff2e0bd866bbd8142c5e071218351ad62c52cd7b7a6f3baab026_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:0a10e9afd9c3d555a36db84f938973f14fb099164b1ba5068f9e5a9cfec51f01_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:1fcab1dccdd7ab7976ac0a57fad193d9411aecdc82cc24752378589978ab3c83_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:21636d382f0a42b7d87d3b1f4ee53bf73e589bb549750d279ca21f96517d7a3d_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:ac48a386cf9175fa667538475607d8d7444e2d21e77bea8ce8d3bf291c59d4a0_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:0e5a121065f55cb7381d74794dd44b02a564195bca3bdfd9d9a10905fd0995a6_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:3838ae2045ed11b4bfe2c86675a5bebe4f51971d30322af3721969e3e2fca06f_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a23c10d8ea852924e8c89a80cb561b2ed9dbacb13257401181b9b13ddf6786ee_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a592586194e5234cfcc2d783f876713771ac489c530205e87053a60b1dd90e04_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:268a35d7a2bb13547826ec27291d5b48b2abe1d530b49a6085fcdde9410b61f8_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:985cf2d3da53a542a87d98e4b698f53cf9b99e1a09e86b206f42c96833c2b35c_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:9cda51df51a24542cd1cd9cd4c072389340d0e678d82236d38c64568cf5d552d_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:fe9512b0361734dcaa41b19c4f02b36ec45896ff911dd44a9e821fdd60d30374_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:17c4c5a579c802fc9a4ee935ad723f65c63aa63ce3b5e4a91705c12ec59feca6_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:3b3a79cebad3f9230b476752c3a6dc29b3d5179d0a3fcf90707eaf14da11ae84_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:a28642cbd593dcdd8673c4bdac30da6eafba29e8abc4ddeaa12369177b5052c7_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:bd47ed866c9bee7c22e7fafcb959df87f64abdbea9f38603a377216f99be3b43_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:1254e449d313f5f663d056097b9cddbcd7fce91c7a6448b1d4f57c622d9556b3_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:8523ece411bf1842b9309abc7dea7067a26a0efd6cb0510449a6573df820a45c_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:bde426912de4c15616e3b71408f4760fd12172dc97ce15d5511d0094784643eb_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:c87feb6c292b8f95cc840237e3a498eaa3198447f11bb3dd652818e1128bf4a4_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:6547c593ea515750150478d442e17f113fb76ec611f6d7c2ff62223e1742a083_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:d6fe585bac62fd646127894dcb9bf55462daf60a22c8721ee44658fbdd3e99a6_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:e8c26f06cca6450dc68a6160a6d1ababdf0992ed9000f27dea5177b813671653_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:eab05f26b14dd06d7e4f5580a873d8bdb18317abf1e82300da089cba5129bdb4_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:049878acbb0f6297eae90180b88b011d00e954285d3197e2c19bc17e82f67523_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:6624a8e702ff2bc3f07b63a8fec42034c48b41bb187818fd4f2dd8a8f60766cb_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:b829b37753a3d14aebf4d114973f843dfc6e4706cf2375408bab8950ab15d2ff_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:c41ad877f30bc37bd9fe8422c410da12159b8fba7ab9ed0fd174e0d30a1ed125_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:47315b849e1e70f6240f310ed5b6d402f6512973bd94bb70d9138d03b790b1a8_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:8b63224e8726db24bf51a5456ef9ede17299e1d920d57a66c49be8a03d3485ed_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:9a20dbc471286e91b2687c22b692a335b287f8eaba817c0f4b6c31b42a669b94_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:b104daa98ef64f2be52d0066ca490a98ef3380a4516038711972be8c01a16571_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:0b65799b577e98beaa59b850028bbfc2d2b112465d1661cd6ab90fb0dd296695_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:116d10699e27737b256b1ccd035c65334696553d107c1002eb85be69aec4c65a_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:78bb5cce2e05156b39a961747174a819c945298fb2f444ef321de6f2bbd5ac5b_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:9b3fd70beaca874656c8e051fa6b3f04b8cbc99e61278a953832637c8c0fb18a_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:0997e7c2515f817d857c9c3dc157f7adec41553adfc3a22913bd65c90b1c9924_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:bac6445179c1c27314e958b41b3d67b1d34dcb05ac9a360a8fe297ab631d64f7_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:d55d0744741b5fcd00107cc2a443dec11696a5daa453a4d992f1e15c3f4708b2_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:dec36413a14d42948aa73339aaba4e5b22f38ddc364436c66ab9d1a8aac465b3_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1074bbb8a68b75e8c8635bc622bf059cf0ae5bf582d48af31eca9bfc4f4787e8_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1d1f1078e7a5d916a6df61d83b6c38512a4f1e6ca71d91212fd539aa3be4d8ed_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:c8fd574a2ddb034be88d78b49ae22de5fea68679c0a9f1f3e24583ef118fb532_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:f1abc733921423176ccd6bc3b31093c151b84bdfa9a82b1f640a540edbfbf358_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:0bdf70b361111ad28cc4c5a38a52fb7557a7256c45d31b9c187fba4213c1080d_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:20537bc868859605ba1a227b8ffaa4523c03b67093e71e910d8cb3b8fbe0392d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:6481c675623cee9bcabd4a1c3a04d169c46e103c944af5ef69a75fc9bd69dfb8_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:e474929fa188b73d80eee028cd51e54f07157e587071cf60109f4398ea4dce30_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:2f9ec28f18893b516b9dadcce88a8efaa908e916305f7b802f250c2283c37cb5_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:3e61238b7400447dfd7999d053e7f701d7c84d62e4a0ef29950c39f3843fb467_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:9bbe1c621a8ee4c960e945c0f1a57c89654314435ea00083abbeb390991c62bb_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:c3451ed3202ea6b8328f1cacd4fe0205df1fa0d3eec3a960873ec493e9d49d67_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:3cbb5b8c06d7911476e411419ff88a02126e0a6f4f514247e112afc9f939c80f_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:433143f26cf3ebbc1e6492d8e6b96a0fe82dbb46a54859e9a10fef1e5f71842d_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:c7b4a67cf4b2a1fece30e67d57c67d850d6f9866cf6fc39206b4ca09956e4deb_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:f1d3f1a1c0396fa4f3b5496af6a6d2dfc231c8d8bc453774b2c4319bfd00b96e_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:0682e9e4bc9ad2b2b564fa2fa8b022e46729b27e26ec7b14ed2f1fae3e52a0d1_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:2f25f26750ceac18fd9c059eb3f11cc400dc0160d9ca78eded86af360c81d201_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:360d270a9167d79e297b050093209bcc9e0d854045b9ba116192073ce44c662c_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:7d75c8ac498141ba26b4a927dbc4b4426a566da5ba09d4e0017fbf715bd05b27_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:7686b10f4f4091c5e56ce58c6c12f6cff0b7d5fd526fd606e92abf75eb6b13c2_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:c20cc51275c70431b1e730ca48a82942c5385bba90aeb514e01fd3e142c158d0_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:df33172c1cb33952183c80ab0f86c5f414a5103b9eb0757f744103678a6992ff_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:e0c6a368dc6da0906c102aa3587b297e7fe4d4072b5b019a2f3e1a0d54c8053b_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:5596feea40bd5eaf4e97a7eb33c4e7069e802fc921e1fa5fd65b7db9ff99637f_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:b4bf1128add34cd02dbb769b2445af2491cb1fe3b23d8aaecdff3044ecb889be_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:ce70350c29cfb97ebfa8f0782b6c193c1693704cc184c039329df915aeeaaaa2_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:f700beaf7b8466e958876ea71762439e9b7224f34f066a72e3454b7ab450e0cb_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:05a079835148d3cb9357e0c911ba78646748c4373b4f39cb995fc6f6a1d35315_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:43e267abfa4d52a2fb3677406ee8c7a44cb7ddecb94fe13b852546eb4a8c2b99_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:b8ad28fb112c9f076499050ed7f27e1fce701bbc9cf3c1835c113a6a0bd9e915_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:e34860aa425dc582c6e2214d5762a31e84f62d905469b3f130fc3980a03c36b1_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8a3978970e82e80c57d44ef3187049eaf58b715460442363a239bf023db64791_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:bc8fc8ba010f7e49b2c9a1b8994d6de05650f8028b2c6dbb0db3e721ed53cdef_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:0f8839e5aee29a659fc87dbe1974d52807b02232b12bfae0a9ee75f72f6822d8_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:cbed194c572c59551a2b73e61d8c3821df77d5a9ca7d2275062c439996a24eb4_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:f501719d54fc49e168385702bb0e1d8432b65f129a56a8fe184557a715956196_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:fe250f135f03aecf8489c1cee9721b9e48549e19d5a609a3d3284fe7d758a34d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:6fd7c632b981a1b0593c6af234c4b40d1046eabebe41ce29f75e1e010e92226a_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:b8d2a7da8627fa6a020330453c9fee31ba37a8eddd2d014fafa5bf3ed838fb5e_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:c264a07ccc7020902897cc9420a76dc590431596fc74696b57e42c2cc658a3f7_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:de9acb254c64d4b5f060867ac81c3c7b92da197bd62914705f47f81c719000f9_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:299e584db6227b51630ff777864b19113e8a1ea8100aa5c1bde092f730f35911_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:3aae092b74e73969f4328e406f804297e44130fea3232db3403db98463e42d9c_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:b77247eccd37c9bc29631142605c6fab3af9d23ebf82b43f049664e44193d377_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:f1eb81b968bdee5bbfa48e25718ac574bdda09c2acf726d9f058e0643585d59d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:009336407c386ffb1f5f1bdb7a38256e73b8b2ec97036f8ab84e7293f517ef8e_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:82e4da659d4bbf036bafee5f598602ec32b7b5f8d3d595287dcf418288bf2147_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:8ee6e0938cc2189984009da95ebd6fb4f5946cf9e1f7ef7aae8d6f40dfc7ab36_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:90d90e31d0afe833778743baf4eb3527402a65c30fdcce149ff8d4820faa3781_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:34bfde79221d2f824177f72d68a877b63bfe88b1f0562741a2dc212f83cb4e62_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c25356366526086b2e85274793b8e9dadf1a04d35515087d4421c74bb9b4bacf_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c5923a2649845cc20cdc2d015442d8007e9e0f77522d652d8af389437681c4ed_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:d91f808a230d11c3b998cbd703fd8fd043188164f61962b5518cda91ad19712b_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:0d79e8c5f3f36c290006c0adbe7c14f57bad10566017f005ae4073905b170136_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:57bf7919da3de08961e4c151b08dab1c756353a4040d0dd66feb72fcfe1cc8ce_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:6d0a4b9c41713e592707a1b93d48f197977bf9eb05aa5e87a083976720061cbb_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:c6d21fc02716334ab7f6c48ba7d102965d197209c5a9fd3b41a6ea65b5da0055_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:48f4971662ddb841e25bb610f72ef5f37eddf482b117786595d80d0931448236_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:6ec99dbde70c05dc5fbd64f81779f75ca8a131c0d3865f1be318a4cd8152ed33_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:783723cc28521153aef6aeaee7786f8bb87e01ef738b90b8b5fb2f2b2fb6c780_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:7c13d95770002e16dbd5dc86ea82f6fc5e70828582b928d9e3388ecded90b67a_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:7188e3f507cdaa346ed930c158379a67104dbdc74535a2b5a541cea60c03a123_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:85c083ae0b2493347cbf1e5885ad56335b1799e545f136118cfe597f39f3df6e_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:c5079720f6ea2ab7fb6b1acc6fa0c3c5087d91507c2fb21bb5b4ebc57953b4cf_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:f250376b2a72ff2e0bd866bbd8142c5e071218351ad62c52cd7b7a6f3baab026_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:0a10e9afd9c3d555a36db84f938973f14fb099164b1ba5068f9e5a9cfec51f01_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:1fcab1dccdd7ab7976ac0a57fad193d9411aecdc82cc24752378589978ab3c83_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:21636d382f0a42b7d87d3b1f4ee53bf73e589bb549750d279ca21f96517d7a3d_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:ac48a386cf9175fa667538475607d8d7444e2d21e77bea8ce8d3bf291c59d4a0_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:0e5a121065f55cb7381d74794dd44b02a564195bca3bdfd9d9a10905fd0995a6_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:3838ae2045ed11b4bfe2c86675a5bebe4f51971d30322af3721969e3e2fca06f_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a23c10d8ea852924e8c89a80cb561b2ed9dbacb13257401181b9b13ddf6786ee_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a592586194e5234cfcc2d783f876713771ac489c530205e87053a60b1dd90e04_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:268a35d7a2bb13547826ec27291d5b48b2abe1d530b49a6085fcdde9410b61f8_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:985cf2d3da53a542a87d98e4b698f53cf9b99e1a09e86b206f42c96833c2b35c_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:9cda51df51a24542cd1cd9cd4c072389340d0e678d82236d38c64568cf5d552d_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:fe9512b0361734dcaa41b19c4f02b36ec45896ff911dd44a9e821fdd60d30374_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:17c4c5a579c802fc9a4ee935ad723f65c63aa63ce3b5e4a91705c12ec59feca6_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:3b3a79cebad3f9230b476752c3a6dc29b3d5179d0a3fcf90707eaf14da11ae84_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:a28642cbd593dcdd8673c4bdac30da6eafba29e8abc4ddeaa12369177b5052c7_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:bd47ed866c9bee7c22e7fafcb959df87f64abdbea9f38603a377216f99be3b43_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:1254e449d313f5f663d056097b9cddbcd7fce91c7a6448b1d4f57c622d9556b3_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:8523ece411bf1842b9309abc7dea7067a26a0efd6cb0510449a6573df820a45c_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:bde426912de4c15616e3b71408f4760fd12172dc97ce15d5511d0094784643eb_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:c87feb6c292b8f95cc840237e3a498eaa3198447f11bb3dd652818e1128bf4a4_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:6547c593ea515750150478d442e17f113fb76ec611f6d7c2ff62223e1742a083_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:d6fe585bac62fd646127894dcb9bf55462daf60a22c8721ee44658fbdd3e99a6_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:e8c26f06cca6450dc68a6160a6d1ababdf0992ed9000f27dea5177b813671653_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:eab05f26b14dd06d7e4f5580a873d8bdb18317abf1e82300da089cba5129bdb4_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:049878acbb0f6297eae90180b88b011d00e954285d3197e2c19bc17e82f67523_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:6624a8e702ff2bc3f07b63a8fec42034c48b41bb187818fd4f2dd8a8f60766cb_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:b829b37753a3d14aebf4d114973f843dfc6e4706cf2375408bab8950ab15d2ff_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:c41ad877f30bc37bd9fe8422c410da12159b8fba7ab9ed0fd174e0d30a1ed125_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:47315b849e1e70f6240f310ed5b6d402f6512973bd94bb70d9138d03b790b1a8_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:8b63224e8726db24bf51a5456ef9ede17299e1d920d57a66c49be8a03d3485ed_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:9a20dbc471286e91b2687c22b692a335b287f8eaba817c0f4b6c31b42a669b94_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:b104daa98ef64f2be52d0066ca490a98ef3380a4516038711972be8c01a16571_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:0b65799b577e98beaa59b850028bbfc2d2b112465d1661cd6ab90fb0dd296695_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:116d10699e27737b256b1ccd035c65334696553d107c1002eb85be69aec4c65a_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:78bb5cce2e05156b39a961747174a819c945298fb2f444ef321de6f2bbd5ac5b_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:9b3fd70beaca874656c8e051fa6b3f04b8cbc99e61278a953832637c8c0fb18a_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:0997e7c2515f817d857c9c3dc157f7adec41553adfc3a22913bd65c90b1c9924_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:bac6445179c1c27314e958b41b3d67b1d34dcb05ac9a360a8fe297ab631d64f7_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:d55d0744741b5fcd00107cc2a443dec11696a5daa453a4d992f1e15c3f4708b2_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:dec36413a14d42948aa73339aaba4e5b22f38ddc364436c66ab9d1a8aac465b3_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1074bbb8a68b75e8c8635bc622bf059cf0ae5bf582d48af31eca9bfc4f4787e8_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1d1f1078e7a5d916a6df61d83b6c38512a4f1e6ca71d91212fd539aa3be4d8ed_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:c8fd574a2ddb034be88d78b49ae22de5fea68679c0a9f1f3e24583ef118fb532_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:f1abc733921423176ccd6bc3b31093c151b84bdfa9a82b1f640a540edbfbf358_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:0bdf70b361111ad28cc4c5a38a52fb7557a7256c45d31b9c187fba4213c1080d_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:20537bc868859605ba1a227b8ffaa4523c03b67093e71e910d8cb3b8fbe0392d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:6481c675623cee9bcabd4a1c3a04d169c46e103c944af5ef69a75fc9bd69dfb8_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:e474929fa188b73d80eee028cd51e54f07157e587071cf60109f4398ea4dce30_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:2f9ec28f18893b516b9dadcce88a8efaa908e916305f7b802f250c2283c37cb5_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:3e61238b7400447dfd7999d053e7f701d7c84d62e4a0ef29950c39f3843fb467_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:9bbe1c621a8ee4c960e945c0f1a57c89654314435ea00083abbeb390991c62bb_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:c3451ed3202ea6b8328f1cacd4fe0205df1fa0d3eec3a960873ec493e9d49d67_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:3cbb5b8c06d7911476e411419ff88a02126e0a6f4f514247e112afc9f939c80f_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:433143f26cf3ebbc1e6492d8e6b96a0fe82dbb46a54859e9a10fef1e5f71842d_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:c7b4a67cf4b2a1fece30e67d57c67d850d6f9866cf6fc39206b4ca09956e4deb_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:f1d3f1a1c0396fa4f3b5496af6a6d2dfc231c8d8bc453774b2c4319bfd00b96e_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:0682e9e4bc9ad2b2b564fa2fa8b022e46729b27e26ec7b14ed2f1fae3e52a0d1_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:2f25f26750ceac18fd9c059eb3f11cc400dc0160d9ca78eded86af360c81d201_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:360d270a9167d79e297b050093209bcc9e0d854045b9ba116192073ce44c662c_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:7d75c8ac498141ba26b4a927dbc4b4426a566da5ba09d4e0017fbf715bd05b27_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:7686b10f4f4091c5e56ce58c6c12f6cff0b7d5fd526fd606e92abf75eb6b13c2_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:c20cc51275c70431b1e730ca48a82942c5385bba90aeb514e01fd3e142c158d0_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:df33172c1cb33952183c80ab0f86c5f414a5103b9eb0757f744103678a6992ff_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:e0c6a368dc6da0906c102aa3587b297e7fe4d4072b5b019a2f3e1a0d54c8053b_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:5596feea40bd5eaf4e97a7eb33c4e7069e802fc921e1fa5fd65b7db9ff99637f_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:b4bf1128add34cd02dbb769b2445af2491cb1fe3b23d8aaecdff3044ecb889be_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:ce70350c29cfb97ebfa8f0782b6c193c1693704cc184c039329df915aeeaaaa2_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:f700beaf7b8466e958876ea71762439e9b7224f34f066a72e3454b7ab450e0cb_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:05a079835148d3cb9357e0c911ba78646748c4373b4f39cb995fc6f6a1d35315_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:43e267abfa4d52a2fb3677406ee8c7a44cb7ddecb94fe13b852546eb4a8c2b99_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:b8ad28fb112c9f076499050ed7f27e1fce701bbc9cf3c1835c113a6a0bd9e915_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:e34860aa425dc582c6e2214d5762a31e84f62d905469b3f130fc3980a03c36b1_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8a3978970e82e80c57d44ef3187049eaf58b715460442363a239bf023db64791_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:bc8fc8ba010f7e49b2c9a1b8994d6de05650f8028b2c6dbb0db3e721ed53cdef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jsonpath: jsonpath: Arbitrary Code Execution via unsafe JSON Path expression evaluation"
},
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:0f8839e5aee29a659fc87dbe1974d52807b02232b12bfae0a9ee75f72f6822d8_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:cbed194c572c59551a2b73e61d8c3821df77d5a9ca7d2275062c439996a24eb4_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:f501719d54fc49e168385702bb0e1d8432b65f129a56a8fe184557a715956196_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:fe250f135f03aecf8489c1cee9721b9e48549e19d5a609a3d3284fe7d758a34d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:6fd7c632b981a1b0593c6af234c4b40d1046eabebe41ce29f75e1e010e92226a_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:b8d2a7da8627fa6a020330453c9fee31ba37a8eddd2d014fafa5bf3ed838fb5e_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:c264a07ccc7020902897cc9420a76dc590431596fc74696b57e42c2cc658a3f7_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:de9acb254c64d4b5f060867ac81c3c7b92da197bd62914705f47f81c719000f9_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:299e584db6227b51630ff777864b19113e8a1ea8100aa5c1bde092f730f35911_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:3aae092b74e73969f4328e406f804297e44130fea3232db3403db98463e42d9c_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:b77247eccd37c9bc29631142605c6fab3af9d23ebf82b43f049664e44193d377_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:f1eb81b968bdee5bbfa48e25718ac574bdda09c2acf726d9f058e0643585d59d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:009336407c386ffb1f5f1bdb7a38256e73b8b2ec97036f8ab84e7293f517ef8e_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:82e4da659d4bbf036bafee5f598602ec32b7b5f8d3d595287dcf418288bf2147_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:8ee6e0938cc2189984009da95ebd6fb4f5946cf9e1f7ef7aae8d6f40dfc7ab36_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:90d90e31d0afe833778743baf4eb3527402a65c30fdcce149ff8d4820faa3781_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:34bfde79221d2f824177f72d68a877b63bfe88b1f0562741a2dc212f83cb4e62_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c25356366526086b2e85274793b8e9dadf1a04d35515087d4421c74bb9b4bacf_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c5923a2649845cc20cdc2d015442d8007e9e0f77522d652d8af389437681c4ed_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:d91f808a230d11c3b998cbd703fd8fd043188164f61962b5518cda91ad19712b_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:0d79e8c5f3f36c290006c0adbe7c14f57bad10566017f005ae4073905b170136_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:57bf7919da3de08961e4c151b08dab1c756353a4040d0dd66feb72fcfe1cc8ce_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:6d0a4b9c41713e592707a1b93d48f197977bf9eb05aa5e87a083976720061cbb_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:c6d21fc02716334ab7f6c48ba7d102965d197209c5a9fd3b41a6ea65b5da0055_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:48f4971662ddb841e25bb610f72ef5f37eddf482b117786595d80d0931448236_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:6ec99dbde70c05dc5fbd64f81779f75ca8a131c0d3865f1be318a4cd8152ed33_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:783723cc28521153aef6aeaee7786f8bb87e01ef738b90b8b5fb2f2b2fb6c780_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:7c13d95770002e16dbd5dc86ea82f6fc5e70828582b928d9e3388ecded90b67a_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:7188e3f507cdaa346ed930c158379a67104dbdc74535a2b5a541cea60c03a123_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:85c083ae0b2493347cbf1e5885ad56335b1799e545f136118cfe597f39f3df6e_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:c5079720f6ea2ab7fb6b1acc6fa0c3c5087d91507c2fb21bb5b4ebc57953b4cf_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:f250376b2a72ff2e0bd866bbd8142c5e071218351ad62c52cd7b7a6f3baab026_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:0a10e9afd9c3d555a36db84f938973f14fb099164b1ba5068f9e5a9cfec51f01_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:1fcab1dccdd7ab7976ac0a57fad193d9411aecdc82cc24752378589978ab3c83_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:21636d382f0a42b7d87d3b1f4ee53bf73e589bb549750d279ca21f96517d7a3d_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:ac48a386cf9175fa667538475607d8d7444e2d21e77bea8ce8d3bf291c59d4a0_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:0e5a121065f55cb7381d74794dd44b02a564195bca3bdfd9d9a10905fd0995a6_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:3838ae2045ed11b4bfe2c86675a5bebe4f51971d30322af3721969e3e2fca06f_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a23c10d8ea852924e8c89a80cb561b2ed9dbacb13257401181b9b13ddf6786ee_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a592586194e5234cfcc2d783f876713771ac489c530205e87053a60b1dd90e04_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:268a35d7a2bb13547826ec27291d5b48b2abe1d530b49a6085fcdde9410b61f8_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:985cf2d3da53a542a87d98e4b698f53cf9b99e1a09e86b206f42c96833c2b35c_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:9cda51df51a24542cd1cd9cd4c072389340d0e678d82236d38c64568cf5d552d_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:fe9512b0361734dcaa41b19c4f02b36ec45896ff911dd44a9e821fdd60d30374_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:17c4c5a579c802fc9a4ee935ad723f65c63aa63ce3b5e4a91705c12ec59feca6_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:3b3a79cebad3f9230b476752c3a6dc29b3d5179d0a3fcf90707eaf14da11ae84_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:a28642cbd593dcdd8673c4bdac30da6eafba29e8abc4ddeaa12369177b5052c7_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:bd47ed866c9bee7c22e7fafcb959df87f64abdbea9f38603a377216f99be3b43_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:1254e449d313f5f663d056097b9cddbcd7fce91c7a6448b1d4f57c622d9556b3_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:8523ece411bf1842b9309abc7dea7067a26a0efd6cb0510449a6573df820a45c_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:bde426912de4c15616e3b71408f4760fd12172dc97ce15d5511d0094784643eb_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:c87feb6c292b8f95cc840237e3a498eaa3198447f11bb3dd652818e1128bf4a4_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:6547c593ea515750150478d442e17f113fb76ec611f6d7c2ff62223e1742a083_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:d6fe585bac62fd646127894dcb9bf55462daf60a22c8721ee44658fbdd3e99a6_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:e8c26f06cca6450dc68a6160a6d1ababdf0992ed9000f27dea5177b813671653_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:eab05f26b14dd06d7e4f5580a873d8bdb18317abf1e82300da089cba5129bdb4_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:049878acbb0f6297eae90180b88b011d00e954285d3197e2c19bc17e82f67523_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:6624a8e702ff2bc3f07b63a8fec42034c48b41bb187818fd4f2dd8a8f60766cb_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:b829b37753a3d14aebf4d114973f843dfc6e4706cf2375408bab8950ab15d2ff_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:c41ad877f30bc37bd9fe8422c410da12159b8fba7ab9ed0fd174e0d30a1ed125_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:47315b849e1e70f6240f310ed5b6d402f6512973bd94bb70d9138d03b790b1a8_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:8b63224e8726db24bf51a5456ef9ede17299e1d920d57a66c49be8a03d3485ed_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:9a20dbc471286e91b2687c22b692a335b287f8eaba817c0f4b6c31b42a669b94_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:b104daa98ef64f2be52d0066ca490a98ef3380a4516038711972be8c01a16571_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:0b65799b577e98beaa59b850028bbfc2d2b112465d1661cd6ab90fb0dd296695_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:116d10699e27737b256b1ccd035c65334696553d107c1002eb85be69aec4c65a_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:78bb5cce2e05156b39a961747174a819c945298fb2f444ef321de6f2bbd5ac5b_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:9b3fd70beaca874656c8e051fa6b3f04b8cbc99e61278a953832637c8c0fb18a_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:0997e7c2515f817d857c9c3dc157f7adec41553adfc3a22913bd65c90b1c9924_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:bac6445179c1c27314e958b41b3d67b1d34dcb05ac9a360a8fe297ab631d64f7_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:d55d0744741b5fcd00107cc2a443dec11696a5daa453a4d992f1e15c3f4708b2_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:dec36413a14d42948aa73339aaba4e5b22f38ddc364436c66ab9d1a8aac465b3_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1074bbb8a68b75e8c8635bc622bf059cf0ae5bf582d48af31eca9bfc4f4787e8_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1d1f1078e7a5d916a6df61d83b6c38512a4f1e6ca71d91212fd539aa3be4d8ed_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:c8fd574a2ddb034be88d78b49ae22de5fea68679c0a9f1f3e24583ef118fb532_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:f1abc733921423176ccd6bc3b31093c151b84bdfa9a82b1f640a540edbfbf358_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:0bdf70b361111ad28cc4c5a38a52fb7557a7256c45d31b9c187fba4213c1080d_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:20537bc868859605ba1a227b8ffaa4523c03b67093e71e910d8cb3b8fbe0392d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:6481c675623cee9bcabd4a1c3a04d169c46e103c944af5ef69a75fc9bd69dfb8_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:e474929fa188b73d80eee028cd51e54f07157e587071cf60109f4398ea4dce30_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:2f9ec28f18893b516b9dadcce88a8efaa908e916305f7b802f250c2283c37cb5_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:3e61238b7400447dfd7999d053e7f701d7c84d62e4a0ef29950c39f3843fb467_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:9bbe1c621a8ee4c960e945c0f1a57c89654314435ea00083abbeb390991c62bb_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:c3451ed3202ea6b8328f1cacd4fe0205df1fa0d3eec3a960873ec493e9d49d67_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:3cbb5b8c06d7911476e411419ff88a02126e0a6f4f514247e112afc9f939c80f_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:433143f26cf3ebbc1e6492d8e6b96a0fe82dbb46a54859e9a10fef1e5f71842d_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:c7b4a67cf4b2a1fece30e67d57c67d850d6f9866cf6fc39206b4ca09956e4deb_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:f1d3f1a1c0396fa4f3b5496af6a6d2dfc231c8d8bc453774b2c4319bfd00b96e_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:7686b10f4f4091c5e56ce58c6c12f6cff0b7d5fd526fd606e92abf75eb6b13c2_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:c20cc51275c70431b1e730ca48a82942c5385bba90aeb514e01fd3e142c158d0_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:df33172c1cb33952183c80ab0f86c5f414a5103b9eb0757f744103678a6992ff_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:e0c6a368dc6da0906c102aa3587b297e7fe4d4072b5b019a2f3e1a0d54c8053b_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:5596feea40bd5eaf4e97a7eb33c4e7069e802fc921e1fa5fd65b7db9ff99637f_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:b4bf1128add34cd02dbb769b2445af2491cb1fe3b23d8aaecdff3044ecb889be_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:ce70350c29cfb97ebfa8f0782b6c193c1693704cc184c039329df915aeeaaaa2_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:f700beaf7b8466e958876ea71762439e9b7224f34f066a72e3454b7ab450e0cb_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:05a079835148d3cb9357e0c911ba78646748c4373b4f39cb995fc6f6a1d35315_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:43e267abfa4d52a2fb3677406ee8c7a44cb7ddecb94fe13b852546eb4a8c2b99_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:b8ad28fb112c9f076499050ed7f27e1fce701bbc9cf3c1835c113a6a0bd9e915_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:e34860aa425dc582c6e2214d5762a31e84f62d905469b3f130fc3980a03c36b1_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8a3978970e82e80c57d44ef3187049eaf58b715460442363a239bf023db64791_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:bc8fc8ba010f7e49b2c9a1b8994d6de05650f8028b2c6dbb0db3e721ed53cdef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:0682e9e4bc9ad2b2b564fa2fa8b022e46729b27e26ec7b14ed2f1fae3e52a0d1_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:2f25f26750ceac18fd9c059eb3f11cc400dc0160d9ca78eded86af360c81d201_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:360d270a9167d79e297b050093209bcc9e0d854045b9ba116192073ce44c662c_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:7d75c8ac498141ba26b4a927dbc4b4426a566da5ba09d4e0017fbf715bd05b27_arm64"
],
"known_not_affected": [
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:0f8839e5aee29a659fc87dbe1974d52807b02232b12bfae0a9ee75f72f6822d8_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:cbed194c572c59551a2b73e61d8c3821df77d5a9ca7d2275062c439996a24eb4_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:f501719d54fc49e168385702bb0e1d8432b65f129a56a8fe184557a715956196_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:fe250f135f03aecf8489c1cee9721b9e48549e19d5a609a3d3284fe7d758a34d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:6fd7c632b981a1b0593c6af234c4b40d1046eabebe41ce29f75e1e010e92226a_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:b8d2a7da8627fa6a020330453c9fee31ba37a8eddd2d014fafa5bf3ed838fb5e_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:c264a07ccc7020902897cc9420a76dc590431596fc74696b57e42c2cc658a3f7_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:de9acb254c64d4b5f060867ac81c3c7b92da197bd62914705f47f81c719000f9_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:299e584db6227b51630ff777864b19113e8a1ea8100aa5c1bde092f730f35911_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:3aae092b74e73969f4328e406f804297e44130fea3232db3403db98463e42d9c_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:b77247eccd37c9bc29631142605c6fab3af9d23ebf82b43f049664e44193d377_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:f1eb81b968bdee5bbfa48e25718ac574bdda09c2acf726d9f058e0643585d59d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:009336407c386ffb1f5f1bdb7a38256e73b8b2ec97036f8ab84e7293f517ef8e_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:82e4da659d4bbf036bafee5f598602ec32b7b5f8d3d595287dcf418288bf2147_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:8ee6e0938cc2189984009da95ebd6fb4f5946cf9e1f7ef7aae8d6f40dfc7ab36_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:90d90e31d0afe833778743baf4eb3527402a65c30fdcce149ff8d4820faa3781_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:34bfde79221d2f824177f72d68a877b63bfe88b1f0562741a2dc212f83cb4e62_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c25356366526086b2e85274793b8e9dadf1a04d35515087d4421c74bb9b4bacf_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c5923a2649845cc20cdc2d015442d8007e9e0f77522d652d8af389437681c4ed_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:d91f808a230d11c3b998cbd703fd8fd043188164f61962b5518cda91ad19712b_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:0d79e8c5f3f36c290006c0adbe7c14f57bad10566017f005ae4073905b170136_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:57bf7919da3de08961e4c151b08dab1c756353a4040d0dd66feb72fcfe1cc8ce_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:6d0a4b9c41713e592707a1b93d48f197977bf9eb05aa5e87a083976720061cbb_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:c6d21fc02716334ab7f6c48ba7d102965d197209c5a9fd3b41a6ea65b5da0055_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:48f4971662ddb841e25bb610f72ef5f37eddf482b117786595d80d0931448236_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:6ec99dbde70c05dc5fbd64f81779f75ca8a131c0d3865f1be318a4cd8152ed33_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:783723cc28521153aef6aeaee7786f8bb87e01ef738b90b8b5fb2f2b2fb6c780_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:7c13d95770002e16dbd5dc86ea82f6fc5e70828582b928d9e3388ecded90b67a_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:7188e3f507cdaa346ed930c158379a67104dbdc74535a2b5a541cea60c03a123_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:85c083ae0b2493347cbf1e5885ad56335b1799e545f136118cfe597f39f3df6e_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:c5079720f6ea2ab7fb6b1acc6fa0c3c5087d91507c2fb21bb5b4ebc57953b4cf_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:f250376b2a72ff2e0bd866bbd8142c5e071218351ad62c52cd7b7a6f3baab026_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:0a10e9afd9c3d555a36db84f938973f14fb099164b1ba5068f9e5a9cfec51f01_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:1fcab1dccdd7ab7976ac0a57fad193d9411aecdc82cc24752378589978ab3c83_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:21636d382f0a42b7d87d3b1f4ee53bf73e589bb549750d279ca21f96517d7a3d_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:ac48a386cf9175fa667538475607d8d7444e2d21e77bea8ce8d3bf291c59d4a0_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:0e5a121065f55cb7381d74794dd44b02a564195bca3bdfd9d9a10905fd0995a6_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:3838ae2045ed11b4bfe2c86675a5bebe4f51971d30322af3721969e3e2fca06f_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a23c10d8ea852924e8c89a80cb561b2ed9dbacb13257401181b9b13ddf6786ee_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a592586194e5234cfcc2d783f876713771ac489c530205e87053a60b1dd90e04_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:268a35d7a2bb13547826ec27291d5b48b2abe1d530b49a6085fcdde9410b61f8_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:985cf2d3da53a542a87d98e4b698f53cf9b99e1a09e86b206f42c96833c2b35c_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:9cda51df51a24542cd1cd9cd4c072389340d0e678d82236d38c64568cf5d552d_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:fe9512b0361734dcaa41b19c4f02b36ec45896ff911dd44a9e821fdd60d30374_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:17c4c5a579c802fc9a4ee935ad723f65c63aa63ce3b5e4a91705c12ec59feca6_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:3b3a79cebad3f9230b476752c3a6dc29b3d5179d0a3fcf90707eaf14da11ae84_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:a28642cbd593dcdd8673c4bdac30da6eafba29e8abc4ddeaa12369177b5052c7_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:bd47ed866c9bee7c22e7fafcb959df87f64abdbea9f38603a377216f99be3b43_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:1254e449d313f5f663d056097b9cddbcd7fce91c7a6448b1d4f57c622d9556b3_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:8523ece411bf1842b9309abc7dea7067a26a0efd6cb0510449a6573df820a45c_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:bde426912de4c15616e3b71408f4760fd12172dc97ce15d5511d0094784643eb_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:c87feb6c292b8f95cc840237e3a498eaa3198447f11bb3dd652818e1128bf4a4_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:6547c593ea515750150478d442e17f113fb76ec611f6d7c2ff62223e1742a083_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:d6fe585bac62fd646127894dcb9bf55462daf60a22c8721ee44658fbdd3e99a6_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:e8c26f06cca6450dc68a6160a6d1ababdf0992ed9000f27dea5177b813671653_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:eab05f26b14dd06d7e4f5580a873d8bdb18317abf1e82300da089cba5129bdb4_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:049878acbb0f6297eae90180b88b011d00e954285d3197e2c19bc17e82f67523_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:6624a8e702ff2bc3f07b63a8fec42034c48b41bb187818fd4f2dd8a8f60766cb_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:b829b37753a3d14aebf4d114973f843dfc6e4706cf2375408bab8950ab15d2ff_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:c41ad877f30bc37bd9fe8422c410da12159b8fba7ab9ed0fd174e0d30a1ed125_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:47315b849e1e70f6240f310ed5b6d402f6512973bd94bb70d9138d03b790b1a8_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:8b63224e8726db24bf51a5456ef9ede17299e1d920d57a66c49be8a03d3485ed_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:9a20dbc471286e91b2687c22b692a335b287f8eaba817c0f4b6c31b42a669b94_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:b104daa98ef64f2be52d0066ca490a98ef3380a4516038711972be8c01a16571_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:0b65799b577e98beaa59b850028bbfc2d2b112465d1661cd6ab90fb0dd296695_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:116d10699e27737b256b1ccd035c65334696553d107c1002eb85be69aec4c65a_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:78bb5cce2e05156b39a961747174a819c945298fb2f444ef321de6f2bbd5ac5b_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:9b3fd70beaca874656c8e051fa6b3f04b8cbc99e61278a953832637c8c0fb18a_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:0997e7c2515f817d857c9c3dc157f7adec41553adfc3a22913bd65c90b1c9924_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:bac6445179c1c27314e958b41b3d67b1d34dcb05ac9a360a8fe297ab631d64f7_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:d55d0744741b5fcd00107cc2a443dec11696a5daa453a4d992f1e15c3f4708b2_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:dec36413a14d42948aa73339aaba4e5b22f38ddc364436c66ab9d1a8aac465b3_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1074bbb8a68b75e8c8635bc622bf059cf0ae5bf582d48af31eca9bfc4f4787e8_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1d1f1078e7a5d916a6df61d83b6c38512a4f1e6ca71d91212fd539aa3be4d8ed_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:c8fd574a2ddb034be88d78b49ae22de5fea68679c0a9f1f3e24583ef118fb532_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:f1abc733921423176ccd6bc3b31093c151b84bdfa9a82b1f640a540edbfbf358_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:0bdf70b361111ad28cc4c5a38a52fb7557a7256c45d31b9c187fba4213c1080d_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:20537bc868859605ba1a227b8ffaa4523c03b67093e71e910d8cb3b8fbe0392d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:6481c675623cee9bcabd4a1c3a04d169c46e103c944af5ef69a75fc9bd69dfb8_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:e474929fa188b73d80eee028cd51e54f07157e587071cf60109f4398ea4dce30_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:2f9ec28f18893b516b9dadcce88a8efaa908e916305f7b802f250c2283c37cb5_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:3e61238b7400447dfd7999d053e7f701d7c84d62e4a0ef29950c39f3843fb467_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:9bbe1c621a8ee4c960e945c0f1a57c89654314435ea00083abbeb390991c62bb_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:c3451ed3202ea6b8328f1cacd4fe0205df1fa0d3eec3a960873ec493e9d49d67_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:3cbb5b8c06d7911476e411419ff88a02126e0a6f4f514247e112afc9f939c80f_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:433143f26cf3ebbc1e6492d8e6b96a0fe82dbb46a54859e9a10fef1e5f71842d_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:c7b4a67cf4b2a1fece30e67d57c67d850d6f9866cf6fc39206b4ca09956e4deb_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:f1d3f1a1c0396fa4f3b5496af6a6d2dfc231c8d8bc453774b2c4319bfd00b96e_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:7686b10f4f4091c5e56ce58c6c12f6cff0b7d5fd526fd606e92abf75eb6b13c2_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:c20cc51275c70431b1e730ca48a82942c5385bba90aeb514e01fd3e142c158d0_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:df33172c1cb33952183c80ab0f86c5f414a5103b9eb0757f744103678a6992ff_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:e0c6a368dc6da0906c102aa3587b297e7fe4d4072b5b019a2f3e1a0d54c8053b_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:5596feea40bd5eaf4e97a7eb33c4e7069e802fc921e1fa5fd65b7db9ff99637f_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:b4bf1128add34cd02dbb769b2445af2491cb1fe3b23d8aaecdff3044ecb889be_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:ce70350c29cfb97ebfa8f0782b6c193c1693704cc184c039329df915aeeaaaa2_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:f700beaf7b8466e958876ea71762439e9b7224f34f066a72e3454b7ab450e0cb_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:05a079835148d3cb9357e0c911ba78646748c4373b4f39cb995fc6f6a1d35315_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:43e267abfa4d52a2fb3677406ee8c7a44cb7ddecb94fe13b852546eb4a8c2b99_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:b8ad28fb112c9f076499050ed7f27e1fce701bbc9cf3c1835c113a6a0bd9e915_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:e34860aa425dc582c6e2214d5762a31e84f62d905469b3f130fc3980a03c36b1_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8a3978970e82e80c57d44ef3187049eaf58b715460442363a239bf023db64791_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:bc8fc8ba010f7e49b2c9a1b8994d6de05650f8028b2c6dbb0db3e721ed53cdef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T22:34:16+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5#Upgrading",
"product_ids": [
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:0682e9e4bc9ad2b2b564fa2fa8b022e46729b27e26ec7b14ed2f1fae3e52a0d1_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:2f25f26750ceac18fd9c059eb3f11cc400dc0160d9ca78eded86af360c81d201_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:360d270a9167d79e297b050093209bcc9e0d854045b9ba116192073ce44c662c_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:7d75c8ac498141ba26b4a927dbc4b4426a566da5ba09d4e0017fbf715bd05b27_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6308"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:0f8839e5aee29a659fc87dbe1974d52807b02232b12bfae0a9ee75f72f6822d8_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:cbed194c572c59551a2b73e61d8c3821df77d5a9ca7d2275062c439996a24eb4_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:f501719d54fc49e168385702bb0e1d8432b65f129a56a8fe184557a715956196_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:fe250f135f03aecf8489c1cee9721b9e48549e19d5a609a3d3284fe7d758a34d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:6fd7c632b981a1b0593c6af234c4b40d1046eabebe41ce29f75e1e010e92226a_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:b8d2a7da8627fa6a020330453c9fee31ba37a8eddd2d014fafa5bf3ed838fb5e_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:c264a07ccc7020902897cc9420a76dc590431596fc74696b57e42c2cc658a3f7_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:de9acb254c64d4b5f060867ac81c3c7b92da197bd62914705f47f81c719000f9_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:299e584db6227b51630ff777864b19113e8a1ea8100aa5c1bde092f730f35911_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:3aae092b74e73969f4328e406f804297e44130fea3232db3403db98463e42d9c_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:b77247eccd37c9bc29631142605c6fab3af9d23ebf82b43f049664e44193d377_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:f1eb81b968bdee5bbfa48e25718ac574bdda09c2acf726d9f058e0643585d59d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:009336407c386ffb1f5f1bdb7a38256e73b8b2ec97036f8ab84e7293f517ef8e_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:82e4da659d4bbf036bafee5f598602ec32b7b5f8d3d595287dcf418288bf2147_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:8ee6e0938cc2189984009da95ebd6fb4f5946cf9e1f7ef7aae8d6f40dfc7ab36_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:90d90e31d0afe833778743baf4eb3527402a65c30fdcce149ff8d4820faa3781_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:34bfde79221d2f824177f72d68a877b63bfe88b1f0562741a2dc212f83cb4e62_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c25356366526086b2e85274793b8e9dadf1a04d35515087d4421c74bb9b4bacf_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c5923a2649845cc20cdc2d015442d8007e9e0f77522d652d8af389437681c4ed_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:d91f808a230d11c3b998cbd703fd8fd043188164f61962b5518cda91ad19712b_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:0d79e8c5f3f36c290006c0adbe7c14f57bad10566017f005ae4073905b170136_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:57bf7919da3de08961e4c151b08dab1c756353a4040d0dd66feb72fcfe1cc8ce_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:6d0a4b9c41713e592707a1b93d48f197977bf9eb05aa5e87a083976720061cbb_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:c6d21fc02716334ab7f6c48ba7d102965d197209c5a9fd3b41a6ea65b5da0055_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:48f4971662ddb841e25bb610f72ef5f37eddf482b117786595d80d0931448236_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:6ec99dbde70c05dc5fbd64f81779f75ca8a131c0d3865f1be318a4cd8152ed33_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:783723cc28521153aef6aeaee7786f8bb87e01ef738b90b8b5fb2f2b2fb6c780_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:7c13d95770002e16dbd5dc86ea82f6fc5e70828582b928d9e3388ecded90b67a_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:7188e3f507cdaa346ed930c158379a67104dbdc74535a2b5a541cea60c03a123_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:85c083ae0b2493347cbf1e5885ad56335b1799e545f136118cfe597f39f3df6e_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:c5079720f6ea2ab7fb6b1acc6fa0c3c5087d91507c2fb21bb5b4ebc57953b4cf_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:f250376b2a72ff2e0bd866bbd8142c5e071218351ad62c52cd7b7a6f3baab026_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:0a10e9afd9c3d555a36db84f938973f14fb099164b1ba5068f9e5a9cfec51f01_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:1fcab1dccdd7ab7976ac0a57fad193d9411aecdc82cc24752378589978ab3c83_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:21636d382f0a42b7d87d3b1f4ee53bf73e589bb549750d279ca21f96517d7a3d_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:ac48a386cf9175fa667538475607d8d7444e2d21e77bea8ce8d3bf291c59d4a0_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:0e5a121065f55cb7381d74794dd44b02a564195bca3bdfd9d9a10905fd0995a6_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:3838ae2045ed11b4bfe2c86675a5bebe4f51971d30322af3721969e3e2fca06f_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a23c10d8ea852924e8c89a80cb561b2ed9dbacb13257401181b9b13ddf6786ee_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a592586194e5234cfcc2d783f876713771ac489c530205e87053a60b1dd90e04_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:268a35d7a2bb13547826ec27291d5b48b2abe1d530b49a6085fcdde9410b61f8_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:985cf2d3da53a542a87d98e4b698f53cf9b99e1a09e86b206f42c96833c2b35c_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:9cda51df51a24542cd1cd9cd4c072389340d0e678d82236d38c64568cf5d552d_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:fe9512b0361734dcaa41b19c4f02b36ec45896ff911dd44a9e821fdd60d30374_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:17c4c5a579c802fc9a4ee935ad723f65c63aa63ce3b5e4a91705c12ec59feca6_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:3b3a79cebad3f9230b476752c3a6dc29b3d5179d0a3fcf90707eaf14da11ae84_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:a28642cbd593dcdd8673c4bdac30da6eafba29e8abc4ddeaa12369177b5052c7_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:bd47ed866c9bee7c22e7fafcb959df87f64abdbea9f38603a377216f99be3b43_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:1254e449d313f5f663d056097b9cddbcd7fce91c7a6448b1d4f57c622d9556b3_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:8523ece411bf1842b9309abc7dea7067a26a0efd6cb0510449a6573df820a45c_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:bde426912de4c15616e3b71408f4760fd12172dc97ce15d5511d0094784643eb_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:c87feb6c292b8f95cc840237e3a498eaa3198447f11bb3dd652818e1128bf4a4_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:6547c593ea515750150478d442e17f113fb76ec611f6d7c2ff62223e1742a083_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:d6fe585bac62fd646127894dcb9bf55462daf60a22c8721ee44658fbdd3e99a6_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:e8c26f06cca6450dc68a6160a6d1ababdf0992ed9000f27dea5177b813671653_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:eab05f26b14dd06d7e4f5580a873d8bdb18317abf1e82300da089cba5129bdb4_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:049878acbb0f6297eae90180b88b011d00e954285d3197e2c19bc17e82f67523_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:6624a8e702ff2bc3f07b63a8fec42034c48b41bb187818fd4f2dd8a8f60766cb_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:b829b37753a3d14aebf4d114973f843dfc6e4706cf2375408bab8950ab15d2ff_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:c41ad877f30bc37bd9fe8422c410da12159b8fba7ab9ed0fd174e0d30a1ed125_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:47315b849e1e70f6240f310ed5b6d402f6512973bd94bb70d9138d03b790b1a8_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:8b63224e8726db24bf51a5456ef9ede17299e1d920d57a66c49be8a03d3485ed_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:9a20dbc471286e91b2687c22b692a335b287f8eaba817c0f4b6c31b42a669b94_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:b104daa98ef64f2be52d0066ca490a98ef3380a4516038711972be8c01a16571_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:0b65799b577e98beaa59b850028bbfc2d2b112465d1661cd6ab90fb0dd296695_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:116d10699e27737b256b1ccd035c65334696553d107c1002eb85be69aec4c65a_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:78bb5cce2e05156b39a961747174a819c945298fb2f444ef321de6f2bbd5ac5b_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:9b3fd70beaca874656c8e051fa6b3f04b8cbc99e61278a953832637c8c0fb18a_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:0997e7c2515f817d857c9c3dc157f7adec41553adfc3a22913bd65c90b1c9924_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:bac6445179c1c27314e958b41b3d67b1d34dcb05ac9a360a8fe297ab631d64f7_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:d55d0744741b5fcd00107cc2a443dec11696a5daa453a4d992f1e15c3f4708b2_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:dec36413a14d42948aa73339aaba4e5b22f38ddc364436c66ab9d1a8aac465b3_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1074bbb8a68b75e8c8635bc622bf059cf0ae5bf582d48af31eca9bfc4f4787e8_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1d1f1078e7a5d916a6df61d83b6c38512a4f1e6ca71d91212fd539aa3be4d8ed_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:c8fd574a2ddb034be88d78b49ae22de5fea68679c0a9f1f3e24583ef118fb532_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:f1abc733921423176ccd6bc3b31093c151b84bdfa9a82b1f640a540edbfbf358_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:0bdf70b361111ad28cc4c5a38a52fb7557a7256c45d31b9c187fba4213c1080d_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:20537bc868859605ba1a227b8ffaa4523c03b67093e71e910d8cb3b8fbe0392d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:6481c675623cee9bcabd4a1c3a04d169c46e103c944af5ef69a75fc9bd69dfb8_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:e474929fa188b73d80eee028cd51e54f07157e587071cf60109f4398ea4dce30_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:2f9ec28f18893b516b9dadcce88a8efaa908e916305f7b802f250c2283c37cb5_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:3e61238b7400447dfd7999d053e7f701d7c84d62e4a0ef29950c39f3843fb467_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:9bbe1c621a8ee4c960e945c0f1a57c89654314435ea00083abbeb390991c62bb_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:c3451ed3202ea6b8328f1cacd4fe0205df1fa0d3eec3a960873ec493e9d49d67_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:3cbb5b8c06d7911476e411419ff88a02126e0a6f4f514247e112afc9f939c80f_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:433143f26cf3ebbc1e6492d8e6b96a0fe82dbb46a54859e9a10fef1e5f71842d_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:c7b4a67cf4b2a1fece30e67d57c67d850d6f9866cf6fc39206b4ca09956e4deb_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:f1d3f1a1c0396fa4f3b5496af6a6d2dfc231c8d8bc453774b2c4319bfd00b96e_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:0682e9e4bc9ad2b2b564fa2fa8b022e46729b27e26ec7b14ed2f1fae3e52a0d1_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:2f25f26750ceac18fd9c059eb3f11cc400dc0160d9ca78eded86af360c81d201_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:360d270a9167d79e297b050093209bcc9e0d854045b9ba116192073ce44c662c_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:7d75c8ac498141ba26b4a927dbc4b4426a566da5ba09d4e0017fbf715bd05b27_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:7686b10f4f4091c5e56ce58c6c12f6cff0b7d5fd526fd606e92abf75eb6b13c2_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:c20cc51275c70431b1e730ca48a82942c5385bba90aeb514e01fd3e142c158d0_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:df33172c1cb33952183c80ab0f86c5f414a5103b9eb0757f744103678a6992ff_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:e0c6a368dc6da0906c102aa3587b297e7fe4d4072b5b019a2f3e1a0d54c8053b_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:5596feea40bd5eaf4e97a7eb33c4e7069e802fc921e1fa5fd65b7db9ff99637f_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:b4bf1128add34cd02dbb769b2445af2491cb1fe3b23d8aaecdff3044ecb889be_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:ce70350c29cfb97ebfa8f0782b6c193c1693704cc184c039329df915aeeaaaa2_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:f700beaf7b8466e958876ea71762439e9b7224f34f066a72e3454b7ab450e0cb_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:05a079835148d3cb9357e0c911ba78646748c4373b4f39cb995fc6f6a1d35315_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:43e267abfa4d52a2fb3677406ee8c7a44cb7ddecb94fe13b852546eb4a8c2b99_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:b8ad28fb112c9f076499050ed7f27e1fce701bbc9cf3c1835c113a6a0bd9e915_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:e34860aa425dc582c6e2214d5762a31e84f62d905469b3f130fc3980a03c36b1_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8a3978970e82e80c57d44ef3187049eaf58b715460442363a239bf023db64791_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:bc8fc8ba010f7e49b2c9a1b8994d6de05650f8028b2c6dbb0db3e721ed53cdef_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:0f8839e5aee29a659fc87dbe1974d52807b02232b12bfae0a9ee75f72f6822d8_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:cbed194c572c59551a2b73e61d8c3821df77d5a9ca7d2275062c439996a24eb4_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:f501719d54fc49e168385702bb0e1d8432b65f129a56a8fe184557a715956196_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:fe250f135f03aecf8489c1cee9721b9e48549e19d5a609a3d3284fe7d758a34d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:6fd7c632b981a1b0593c6af234c4b40d1046eabebe41ce29f75e1e010e92226a_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:b8d2a7da8627fa6a020330453c9fee31ba37a8eddd2d014fafa5bf3ed838fb5e_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:c264a07ccc7020902897cc9420a76dc590431596fc74696b57e42c2cc658a3f7_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:de9acb254c64d4b5f060867ac81c3c7b92da197bd62914705f47f81c719000f9_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:299e584db6227b51630ff777864b19113e8a1ea8100aa5c1bde092f730f35911_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:3aae092b74e73969f4328e406f804297e44130fea3232db3403db98463e42d9c_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:b77247eccd37c9bc29631142605c6fab3af9d23ebf82b43f049664e44193d377_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:f1eb81b968bdee5bbfa48e25718ac574bdda09c2acf726d9f058e0643585d59d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:009336407c386ffb1f5f1bdb7a38256e73b8b2ec97036f8ab84e7293f517ef8e_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:82e4da659d4bbf036bafee5f598602ec32b7b5f8d3d595287dcf418288bf2147_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:8ee6e0938cc2189984009da95ebd6fb4f5946cf9e1f7ef7aae8d6f40dfc7ab36_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:90d90e31d0afe833778743baf4eb3527402a65c30fdcce149ff8d4820faa3781_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:34bfde79221d2f824177f72d68a877b63bfe88b1f0562741a2dc212f83cb4e62_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c25356366526086b2e85274793b8e9dadf1a04d35515087d4421c74bb9b4bacf_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c5923a2649845cc20cdc2d015442d8007e9e0f77522d652d8af389437681c4ed_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:d91f808a230d11c3b998cbd703fd8fd043188164f61962b5518cda91ad19712b_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:0d79e8c5f3f36c290006c0adbe7c14f57bad10566017f005ae4073905b170136_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:57bf7919da3de08961e4c151b08dab1c756353a4040d0dd66feb72fcfe1cc8ce_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:6d0a4b9c41713e592707a1b93d48f197977bf9eb05aa5e87a083976720061cbb_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:c6d21fc02716334ab7f6c48ba7d102965d197209c5a9fd3b41a6ea65b5da0055_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:48f4971662ddb841e25bb610f72ef5f37eddf482b117786595d80d0931448236_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:6ec99dbde70c05dc5fbd64f81779f75ca8a131c0d3865f1be318a4cd8152ed33_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:783723cc28521153aef6aeaee7786f8bb87e01ef738b90b8b5fb2f2b2fb6c780_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:7c13d95770002e16dbd5dc86ea82f6fc5e70828582b928d9e3388ecded90b67a_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:7188e3f507cdaa346ed930c158379a67104dbdc74535a2b5a541cea60c03a123_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:85c083ae0b2493347cbf1e5885ad56335b1799e545f136118cfe597f39f3df6e_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:c5079720f6ea2ab7fb6b1acc6fa0c3c5087d91507c2fb21bb5b4ebc57953b4cf_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:f250376b2a72ff2e0bd866bbd8142c5e071218351ad62c52cd7b7a6f3baab026_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:0a10e9afd9c3d555a36db84f938973f14fb099164b1ba5068f9e5a9cfec51f01_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:1fcab1dccdd7ab7976ac0a57fad193d9411aecdc82cc24752378589978ab3c83_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:21636d382f0a42b7d87d3b1f4ee53bf73e589bb549750d279ca21f96517d7a3d_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:ac48a386cf9175fa667538475607d8d7444e2d21e77bea8ce8d3bf291c59d4a0_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:0e5a121065f55cb7381d74794dd44b02a564195bca3bdfd9d9a10905fd0995a6_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:3838ae2045ed11b4bfe2c86675a5bebe4f51971d30322af3721969e3e2fca06f_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a23c10d8ea852924e8c89a80cb561b2ed9dbacb13257401181b9b13ddf6786ee_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a592586194e5234cfcc2d783f876713771ac489c530205e87053a60b1dd90e04_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:268a35d7a2bb13547826ec27291d5b48b2abe1d530b49a6085fcdde9410b61f8_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:985cf2d3da53a542a87d98e4b698f53cf9b99e1a09e86b206f42c96833c2b35c_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:9cda51df51a24542cd1cd9cd4c072389340d0e678d82236d38c64568cf5d552d_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:fe9512b0361734dcaa41b19c4f02b36ec45896ff911dd44a9e821fdd60d30374_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:17c4c5a579c802fc9a4ee935ad723f65c63aa63ce3b5e4a91705c12ec59feca6_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:3b3a79cebad3f9230b476752c3a6dc29b3d5179d0a3fcf90707eaf14da11ae84_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:a28642cbd593dcdd8673c4bdac30da6eafba29e8abc4ddeaa12369177b5052c7_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:bd47ed866c9bee7c22e7fafcb959df87f64abdbea9f38603a377216f99be3b43_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:1254e449d313f5f663d056097b9cddbcd7fce91c7a6448b1d4f57c622d9556b3_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:8523ece411bf1842b9309abc7dea7067a26a0efd6cb0510449a6573df820a45c_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:bde426912de4c15616e3b71408f4760fd12172dc97ce15d5511d0094784643eb_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:c87feb6c292b8f95cc840237e3a498eaa3198447f11bb3dd652818e1128bf4a4_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:6547c593ea515750150478d442e17f113fb76ec611f6d7c2ff62223e1742a083_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:d6fe585bac62fd646127894dcb9bf55462daf60a22c8721ee44658fbdd3e99a6_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:e8c26f06cca6450dc68a6160a6d1ababdf0992ed9000f27dea5177b813671653_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:eab05f26b14dd06d7e4f5580a873d8bdb18317abf1e82300da089cba5129bdb4_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:049878acbb0f6297eae90180b88b011d00e954285d3197e2c19bc17e82f67523_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:6624a8e702ff2bc3f07b63a8fec42034c48b41bb187818fd4f2dd8a8f60766cb_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:b829b37753a3d14aebf4d114973f843dfc6e4706cf2375408bab8950ab15d2ff_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:c41ad877f30bc37bd9fe8422c410da12159b8fba7ab9ed0fd174e0d30a1ed125_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:47315b849e1e70f6240f310ed5b6d402f6512973bd94bb70d9138d03b790b1a8_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:8b63224e8726db24bf51a5456ef9ede17299e1d920d57a66c49be8a03d3485ed_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:9a20dbc471286e91b2687c22b692a335b287f8eaba817c0f4b6c31b42a669b94_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:b104daa98ef64f2be52d0066ca490a98ef3380a4516038711972be8c01a16571_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:0b65799b577e98beaa59b850028bbfc2d2b112465d1661cd6ab90fb0dd296695_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:116d10699e27737b256b1ccd035c65334696553d107c1002eb85be69aec4c65a_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:78bb5cce2e05156b39a961747174a819c945298fb2f444ef321de6f2bbd5ac5b_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:9b3fd70beaca874656c8e051fa6b3f04b8cbc99e61278a953832637c8c0fb18a_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:0997e7c2515f817d857c9c3dc157f7adec41553adfc3a22913bd65c90b1c9924_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:bac6445179c1c27314e958b41b3d67b1d34dcb05ac9a360a8fe297ab631d64f7_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:d55d0744741b5fcd00107cc2a443dec11696a5daa453a4d992f1e15c3f4708b2_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:dec36413a14d42948aa73339aaba4e5b22f38ddc364436c66ab9d1a8aac465b3_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1074bbb8a68b75e8c8635bc622bf059cf0ae5bf582d48af31eca9bfc4f4787e8_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1d1f1078e7a5d916a6df61d83b6c38512a4f1e6ca71d91212fd539aa3be4d8ed_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:c8fd574a2ddb034be88d78b49ae22de5fea68679c0a9f1f3e24583ef118fb532_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:f1abc733921423176ccd6bc3b31093c151b84bdfa9a82b1f640a540edbfbf358_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:0bdf70b361111ad28cc4c5a38a52fb7557a7256c45d31b9c187fba4213c1080d_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:20537bc868859605ba1a227b8ffaa4523c03b67093e71e910d8cb3b8fbe0392d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:6481c675623cee9bcabd4a1c3a04d169c46e103c944af5ef69a75fc9bd69dfb8_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:e474929fa188b73d80eee028cd51e54f07157e587071cf60109f4398ea4dce30_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:2f9ec28f18893b516b9dadcce88a8efaa908e916305f7b802f250c2283c37cb5_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:3e61238b7400447dfd7999d053e7f701d7c84d62e4a0ef29950c39f3843fb467_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:9bbe1c621a8ee4c960e945c0f1a57c89654314435ea00083abbeb390991c62bb_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:c3451ed3202ea6b8328f1cacd4fe0205df1fa0d3eec3a960873ec493e9d49d67_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:3cbb5b8c06d7911476e411419ff88a02126e0a6f4f514247e112afc9f939c80f_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:433143f26cf3ebbc1e6492d8e6b96a0fe82dbb46a54859e9a10fef1e5f71842d_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:c7b4a67cf4b2a1fece30e67d57c67d850d6f9866cf6fc39206b4ca09956e4deb_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:f1d3f1a1c0396fa4f3b5496af6a6d2dfc231c8d8bc453774b2c4319bfd00b96e_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:0682e9e4bc9ad2b2b564fa2fa8b022e46729b27e26ec7b14ed2f1fae3e52a0d1_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:2f25f26750ceac18fd9c059eb3f11cc400dc0160d9ca78eded86af360c81d201_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:360d270a9167d79e297b050093209bcc9e0d854045b9ba116192073ce44c662c_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:7d75c8ac498141ba26b4a927dbc4b4426a566da5ba09d4e0017fbf715bd05b27_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:7686b10f4f4091c5e56ce58c6c12f6cff0b7d5fd526fd606e92abf75eb6b13c2_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:c20cc51275c70431b1e730ca48a82942c5385bba90aeb514e01fd3e142c158d0_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:df33172c1cb33952183c80ab0f86c5f414a5103b9eb0757f744103678a6992ff_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:e0c6a368dc6da0906c102aa3587b297e7fe4d4072b5b019a2f3e1a0d54c8053b_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:5596feea40bd5eaf4e97a7eb33c4e7069e802fc921e1fa5fd65b7db9ff99637f_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:b4bf1128add34cd02dbb769b2445af2491cb1fe3b23d8aaecdff3044ecb889be_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:ce70350c29cfb97ebfa8f0782b6c193c1693704cc184c039329df915aeeaaaa2_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:f700beaf7b8466e958876ea71762439e9b7224f34f066a72e3454b7ab450e0cb_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:05a079835148d3cb9357e0c911ba78646748c4373b4f39cb995fc6f6a1d35315_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:43e267abfa4d52a2fb3677406ee8c7a44cb7ddecb94fe13b852546eb4a8c2b99_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:b8ad28fb112c9f076499050ed7f27e1fce701bbc9cf3c1835c113a6a0bd9e915_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:e34860aa425dc582c6e2214d5762a31e84f62d905469b3f130fc3980a03c36b1_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8a3978970e82e80c57d44ef3187049eaf58b715460442363a239bf023db64791_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:bc8fc8ba010f7e49b2c9a1b8994d6de05650f8028b2c6dbb0db3e721ed53cdef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
},
{
"cve": "CVE-2026-25990",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-02-11T21:05:39.535631+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:0f8839e5aee29a659fc87dbe1974d52807b02232b12bfae0a9ee75f72f6822d8_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:cbed194c572c59551a2b73e61d8c3821df77d5a9ca7d2275062c439996a24eb4_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:f501719d54fc49e168385702bb0e1d8432b65f129a56a8fe184557a715956196_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:fe250f135f03aecf8489c1cee9721b9e48549e19d5a609a3d3284fe7d758a34d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:6fd7c632b981a1b0593c6af234c4b40d1046eabebe41ce29f75e1e010e92226a_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:b8d2a7da8627fa6a020330453c9fee31ba37a8eddd2d014fafa5bf3ed838fb5e_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:c264a07ccc7020902897cc9420a76dc590431596fc74696b57e42c2cc658a3f7_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:de9acb254c64d4b5f060867ac81c3c7b92da197bd62914705f47f81c719000f9_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:299e584db6227b51630ff777864b19113e8a1ea8100aa5c1bde092f730f35911_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:3aae092b74e73969f4328e406f804297e44130fea3232db3403db98463e42d9c_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:b77247eccd37c9bc29631142605c6fab3af9d23ebf82b43f049664e44193d377_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:f1eb81b968bdee5bbfa48e25718ac574bdda09c2acf726d9f058e0643585d59d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:009336407c386ffb1f5f1bdb7a38256e73b8b2ec97036f8ab84e7293f517ef8e_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:82e4da659d4bbf036bafee5f598602ec32b7b5f8d3d595287dcf418288bf2147_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:8ee6e0938cc2189984009da95ebd6fb4f5946cf9e1f7ef7aae8d6f40dfc7ab36_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:90d90e31d0afe833778743baf4eb3527402a65c30fdcce149ff8d4820faa3781_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:34bfde79221d2f824177f72d68a877b63bfe88b1f0562741a2dc212f83cb4e62_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c25356366526086b2e85274793b8e9dadf1a04d35515087d4421c74bb9b4bacf_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c5923a2649845cc20cdc2d015442d8007e9e0f77522d652d8af389437681c4ed_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:d91f808a230d11c3b998cbd703fd8fd043188164f61962b5518cda91ad19712b_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:0d79e8c5f3f36c290006c0adbe7c14f57bad10566017f005ae4073905b170136_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:57bf7919da3de08961e4c151b08dab1c756353a4040d0dd66feb72fcfe1cc8ce_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:6d0a4b9c41713e592707a1b93d48f197977bf9eb05aa5e87a083976720061cbb_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:c6d21fc02716334ab7f6c48ba7d102965d197209c5a9fd3b41a6ea65b5da0055_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:48f4971662ddb841e25bb610f72ef5f37eddf482b117786595d80d0931448236_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:6ec99dbde70c05dc5fbd64f81779f75ca8a131c0d3865f1be318a4cd8152ed33_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:783723cc28521153aef6aeaee7786f8bb87e01ef738b90b8b5fb2f2b2fb6c780_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:7c13d95770002e16dbd5dc86ea82f6fc5e70828582b928d9e3388ecded90b67a_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:7188e3f507cdaa346ed930c158379a67104dbdc74535a2b5a541cea60c03a123_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:85c083ae0b2493347cbf1e5885ad56335b1799e545f136118cfe597f39f3df6e_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:c5079720f6ea2ab7fb6b1acc6fa0c3c5087d91507c2fb21bb5b4ebc57953b4cf_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:f250376b2a72ff2e0bd866bbd8142c5e071218351ad62c52cd7b7a6f3baab026_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:0a10e9afd9c3d555a36db84f938973f14fb099164b1ba5068f9e5a9cfec51f01_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:1fcab1dccdd7ab7976ac0a57fad193d9411aecdc82cc24752378589978ab3c83_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:21636d382f0a42b7d87d3b1f4ee53bf73e589bb549750d279ca21f96517d7a3d_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:ac48a386cf9175fa667538475607d8d7444e2d21e77bea8ce8d3bf291c59d4a0_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:0e5a121065f55cb7381d74794dd44b02a564195bca3bdfd9d9a10905fd0995a6_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:3838ae2045ed11b4bfe2c86675a5bebe4f51971d30322af3721969e3e2fca06f_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a23c10d8ea852924e8c89a80cb561b2ed9dbacb13257401181b9b13ddf6786ee_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a592586194e5234cfcc2d783f876713771ac489c530205e87053a60b1dd90e04_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:268a35d7a2bb13547826ec27291d5b48b2abe1d530b49a6085fcdde9410b61f8_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:985cf2d3da53a542a87d98e4b698f53cf9b99e1a09e86b206f42c96833c2b35c_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:9cda51df51a24542cd1cd9cd4c072389340d0e678d82236d38c64568cf5d552d_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:fe9512b0361734dcaa41b19c4f02b36ec45896ff911dd44a9e821fdd60d30374_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:17c4c5a579c802fc9a4ee935ad723f65c63aa63ce3b5e4a91705c12ec59feca6_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:3b3a79cebad3f9230b476752c3a6dc29b3d5179d0a3fcf90707eaf14da11ae84_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:a28642cbd593dcdd8673c4bdac30da6eafba29e8abc4ddeaa12369177b5052c7_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:bd47ed866c9bee7c22e7fafcb959df87f64abdbea9f38603a377216f99be3b43_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:1254e449d313f5f663d056097b9cddbcd7fce91c7a6448b1d4f57c622d9556b3_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:8523ece411bf1842b9309abc7dea7067a26a0efd6cb0510449a6573df820a45c_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:bde426912de4c15616e3b71408f4760fd12172dc97ce15d5511d0094784643eb_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:c87feb6c292b8f95cc840237e3a498eaa3198447f11bb3dd652818e1128bf4a4_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:6547c593ea515750150478d442e17f113fb76ec611f6d7c2ff62223e1742a083_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:d6fe585bac62fd646127894dcb9bf55462daf60a22c8721ee44658fbdd3e99a6_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:e8c26f06cca6450dc68a6160a6d1ababdf0992ed9000f27dea5177b813671653_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:eab05f26b14dd06d7e4f5580a873d8bdb18317abf1e82300da089cba5129bdb4_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:049878acbb0f6297eae90180b88b011d00e954285d3197e2c19bc17e82f67523_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:6624a8e702ff2bc3f07b63a8fec42034c48b41bb187818fd4f2dd8a8f60766cb_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:b829b37753a3d14aebf4d114973f843dfc6e4706cf2375408bab8950ab15d2ff_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:c41ad877f30bc37bd9fe8422c410da12159b8fba7ab9ed0fd174e0d30a1ed125_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:47315b849e1e70f6240f310ed5b6d402f6512973bd94bb70d9138d03b790b1a8_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:8b63224e8726db24bf51a5456ef9ede17299e1d920d57a66c49be8a03d3485ed_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:9a20dbc471286e91b2687c22b692a335b287f8eaba817c0f4b6c31b42a669b94_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:b104daa98ef64f2be52d0066ca490a98ef3380a4516038711972be8c01a16571_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:0b65799b577e98beaa59b850028bbfc2d2b112465d1661cd6ab90fb0dd296695_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:116d10699e27737b256b1ccd035c65334696553d107c1002eb85be69aec4c65a_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:78bb5cce2e05156b39a961747174a819c945298fb2f444ef321de6f2bbd5ac5b_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:9b3fd70beaca874656c8e051fa6b3f04b8cbc99e61278a953832637c8c0fb18a_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:0997e7c2515f817d857c9c3dc157f7adec41553adfc3a22913bd65c90b1c9924_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:bac6445179c1c27314e958b41b3d67b1d34dcb05ac9a360a8fe297ab631d64f7_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:d55d0744741b5fcd00107cc2a443dec11696a5daa453a4d992f1e15c3f4708b2_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:dec36413a14d42948aa73339aaba4e5b22f38ddc364436c66ab9d1a8aac465b3_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1074bbb8a68b75e8c8635bc622bf059cf0ae5bf582d48af31eca9bfc4f4787e8_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1d1f1078e7a5d916a6df61d83b6c38512a4f1e6ca71d91212fd539aa3be4d8ed_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:c8fd574a2ddb034be88d78b49ae22de5fea68679c0a9f1f3e24583ef118fb532_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:f1abc733921423176ccd6bc3b31093c151b84bdfa9a82b1f640a540edbfbf358_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:0bdf70b361111ad28cc4c5a38a52fb7557a7256c45d31b9c187fba4213c1080d_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:20537bc868859605ba1a227b8ffaa4523c03b67093e71e910d8cb3b8fbe0392d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:6481c675623cee9bcabd4a1c3a04d169c46e103c944af5ef69a75fc9bd69dfb8_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:e474929fa188b73d80eee028cd51e54f07157e587071cf60109f4398ea4dce30_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:3cbb5b8c06d7911476e411419ff88a02126e0a6f4f514247e112afc9f939c80f_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:433143f26cf3ebbc1e6492d8e6b96a0fe82dbb46a54859e9a10fef1e5f71842d_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:c7b4a67cf4b2a1fece30e67d57c67d850d6f9866cf6fc39206b4ca09956e4deb_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:f1d3f1a1c0396fa4f3b5496af6a6d2dfc231c8d8bc453774b2c4319bfd00b96e_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:0682e9e4bc9ad2b2b564fa2fa8b022e46729b27e26ec7b14ed2f1fae3e52a0d1_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:2f25f26750ceac18fd9c059eb3f11cc400dc0160d9ca78eded86af360c81d201_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:360d270a9167d79e297b050093209bcc9e0d854045b9ba116192073ce44c662c_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:7d75c8ac498141ba26b4a927dbc4b4426a566da5ba09d4e0017fbf715bd05b27_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:7686b10f4f4091c5e56ce58c6c12f6cff0b7d5fd526fd606e92abf75eb6b13c2_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:c20cc51275c70431b1e730ca48a82942c5385bba90aeb514e01fd3e142c158d0_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:df33172c1cb33952183c80ab0f86c5f414a5103b9eb0757f744103678a6992ff_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:e0c6a368dc6da0906c102aa3587b297e7fe4d4072b5b019a2f3e1a0d54c8053b_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:5596feea40bd5eaf4e97a7eb33c4e7069e802fc921e1fa5fd65b7db9ff99637f_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:b4bf1128add34cd02dbb769b2445af2491cb1fe3b23d8aaecdff3044ecb889be_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:ce70350c29cfb97ebfa8f0782b6c193c1693704cc184c039329df915aeeaaaa2_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:f700beaf7b8466e958876ea71762439e9b7224f34f066a72e3454b7ab450e0cb_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:05a079835148d3cb9357e0c911ba78646748c4373b4f39cb995fc6f6a1d35315_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:43e267abfa4d52a2fb3677406ee8c7a44cb7ddecb94fe13b852546eb4a8c2b99_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:b8ad28fb112c9f076499050ed7f27e1fce701bbc9cf3c1835c113a6a0bd9e915_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:e34860aa425dc582c6e2214d5762a31e84f62d905469b3f130fc3980a03c36b1_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8a3978970e82e80c57d44ef3187049eaf58b715460442363a239bf023db64791_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:bc8fc8ba010f7e49b2c9a1b8994d6de05650f8028b2c6dbb0db3e721ed53cdef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439170"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:2f9ec28f18893b516b9dadcce88a8efaa908e916305f7b802f250c2283c37cb5_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:3e61238b7400447dfd7999d053e7f701d7c84d62e4a0ef29950c39f3843fb467_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:9bbe1c621a8ee4c960e945c0f1a57c89654314435ea00083abbeb390991c62bb_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:c3451ed3202ea6b8328f1cacd4fe0205df1fa0d3eec3a960873ec493e9d49d67_s390x"
],
"known_not_affected": [
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:0f8839e5aee29a659fc87dbe1974d52807b02232b12bfae0a9ee75f72f6822d8_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:cbed194c572c59551a2b73e61d8c3821df77d5a9ca7d2275062c439996a24eb4_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:f501719d54fc49e168385702bb0e1d8432b65f129a56a8fe184557a715956196_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:fe250f135f03aecf8489c1cee9721b9e48549e19d5a609a3d3284fe7d758a34d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:6fd7c632b981a1b0593c6af234c4b40d1046eabebe41ce29f75e1e010e92226a_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:b8d2a7da8627fa6a020330453c9fee31ba37a8eddd2d014fafa5bf3ed838fb5e_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:c264a07ccc7020902897cc9420a76dc590431596fc74696b57e42c2cc658a3f7_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:de9acb254c64d4b5f060867ac81c3c7b92da197bd62914705f47f81c719000f9_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:299e584db6227b51630ff777864b19113e8a1ea8100aa5c1bde092f730f35911_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:3aae092b74e73969f4328e406f804297e44130fea3232db3403db98463e42d9c_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:b77247eccd37c9bc29631142605c6fab3af9d23ebf82b43f049664e44193d377_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:f1eb81b968bdee5bbfa48e25718ac574bdda09c2acf726d9f058e0643585d59d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:009336407c386ffb1f5f1bdb7a38256e73b8b2ec97036f8ab84e7293f517ef8e_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:82e4da659d4bbf036bafee5f598602ec32b7b5f8d3d595287dcf418288bf2147_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:8ee6e0938cc2189984009da95ebd6fb4f5946cf9e1f7ef7aae8d6f40dfc7ab36_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:90d90e31d0afe833778743baf4eb3527402a65c30fdcce149ff8d4820faa3781_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:34bfde79221d2f824177f72d68a877b63bfe88b1f0562741a2dc212f83cb4e62_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c25356366526086b2e85274793b8e9dadf1a04d35515087d4421c74bb9b4bacf_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c5923a2649845cc20cdc2d015442d8007e9e0f77522d652d8af389437681c4ed_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:d91f808a230d11c3b998cbd703fd8fd043188164f61962b5518cda91ad19712b_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:0d79e8c5f3f36c290006c0adbe7c14f57bad10566017f005ae4073905b170136_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:57bf7919da3de08961e4c151b08dab1c756353a4040d0dd66feb72fcfe1cc8ce_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:6d0a4b9c41713e592707a1b93d48f197977bf9eb05aa5e87a083976720061cbb_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:c6d21fc02716334ab7f6c48ba7d102965d197209c5a9fd3b41a6ea65b5da0055_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:48f4971662ddb841e25bb610f72ef5f37eddf482b117786595d80d0931448236_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:6ec99dbde70c05dc5fbd64f81779f75ca8a131c0d3865f1be318a4cd8152ed33_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:783723cc28521153aef6aeaee7786f8bb87e01ef738b90b8b5fb2f2b2fb6c780_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:7c13d95770002e16dbd5dc86ea82f6fc5e70828582b928d9e3388ecded90b67a_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:7188e3f507cdaa346ed930c158379a67104dbdc74535a2b5a541cea60c03a123_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:85c083ae0b2493347cbf1e5885ad56335b1799e545f136118cfe597f39f3df6e_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:c5079720f6ea2ab7fb6b1acc6fa0c3c5087d91507c2fb21bb5b4ebc57953b4cf_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:f250376b2a72ff2e0bd866bbd8142c5e071218351ad62c52cd7b7a6f3baab026_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:0a10e9afd9c3d555a36db84f938973f14fb099164b1ba5068f9e5a9cfec51f01_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:1fcab1dccdd7ab7976ac0a57fad193d9411aecdc82cc24752378589978ab3c83_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:21636d382f0a42b7d87d3b1f4ee53bf73e589bb549750d279ca21f96517d7a3d_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:ac48a386cf9175fa667538475607d8d7444e2d21e77bea8ce8d3bf291c59d4a0_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:0e5a121065f55cb7381d74794dd44b02a564195bca3bdfd9d9a10905fd0995a6_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:3838ae2045ed11b4bfe2c86675a5bebe4f51971d30322af3721969e3e2fca06f_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a23c10d8ea852924e8c89a80cb561b2ed9dbacb13257401181b9b13ddf6786ee_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a592586194e5234cfcc2d783f876713771ac489c530205e87053a60b1dd90e04_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:268a35d7a2bb13547826ec27291d5b48b2abe1d530b49a6085fcdde9410b61f8_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:985cf2d3da53a542a87d98e4b698f53cf9b99e1a09e86b206f42c96833c2b35c_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:9cda51df51a24542cd1cd9cd4c072389340d0e678d82236d38c64568cf5d552d_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:fe9512b0361734dcaa41b19c4f02b36ec45896ff911dd44a9e821fdd60d30374_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:17c4c5a579c802fc9a4ee935ad723f65c63aa63ce3b5e4a91705c12ec59feca6_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:3b3a79cebad3f9230b476752c3a6dc29b3d5179d0a3fcf90707eaf14da11ae84_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:a28642cbd593dcdd8673c4bdac30da6eafba29e8abc4ddeaa12369177b5052c7_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:bd47ed866c9bee7c22e7fafcb959df87f64abdbea9f38603a377216f99be3b43_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:1254e449d313f5f663d056097b9cddbcd7fce91c7a6448b1d4f57c622d9556b3_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:8523ece411bf1842b9309abc7dea7067a26a0efd6cb0510449a6573df820a45c_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:bde426912de4c15616e3b71408f4760fd12172dc97ce15d5511d0094784643eb_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:c87feb6c292b8f95cc840237e3a498eaa3198447f11bb3dd652818e1128bf4a4_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:6547c593ea515750150478d442e17f113fb76ec611f6d7c2ff62223e1742a083_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:d6fe585bac62fd646127894dcb9bf55462daf60a22c8721ee44658fbdd3e99a6_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:e8c26f06cca6450dc68a6160a6d1ababdf0992ed9000f27dea5177b813671653_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:eab05f26b14dd06d7e4f5580a873d8bdb18317abf1e82300da089cba5129bdb4_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:049878acbb0f6297eae90180b88b011d00e954285d3197e2c19bc17e82f67523_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:6624a8e702ff2bc3f07b63a8fec42034c48b41bb187818fd4f2dd8a8f60766cb_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:b829b37753a3d14aebf4d114973f843dfc6e4706cf2375408bab8950ab15d2ff_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:c41ad877f30bc37bd9fe8422c410da12159b8fba7ab9ed0fd174e0d30a1ed125_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:47315b849e1e70f6240f310ed5b6d402f6512973bd94bb70d9138d03b790b1a8_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:8b63224e8726db24bf51a5456ef9ede17299e1d920d57a66c49be8a03d3485ed_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:9a20dbc471286e91b2687c22b692a335b287f8eaba817c0f4b6c31b42a669b94_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:b104daa98ef64f2be52d0066ca490a98ef3380a4516038711972be8c01a16571_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:0b65799b577e98beaa59b850028bbfc2d2b112465d1661cd6ab90fb0dd296695_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:116d10699e27737b256b1ccd035c65334696553d107c1002eb85be69aec4c65a_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:78bb5cce2e05156b39a961747174a819c945298fb2f444ef321de6f2bbd5ac5b_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:9b3fd70beaca874656c8e051fa6b3f04b8cbc99e61278a953832637c8c0fb18a_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:0997e7c2515f817d857c9c3dc157f7adec41553adfc3a22913bd65c90b1c9924_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:bac6445179c1c27314e958b41b3d67b1d34dcb05ac9a360a8fe297ab631d64f7_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:d55d0744741b5fcd00107cc2a443dec11696a5daa453a4d992f1e15c3f4708b2_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:dec36413a14d42948aa73339aaba4e5b22f38ddc364436c66ab9d1a8aac465b3_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1074bbb8a68b75e8c8635bc622bf059cf0ae5bf582d48af31eca9bfc4f4787e8_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1d1f1078e7a5d916a6df61d83b6c38512a4f1e6ca71d91212fd539aa3be4d8ed_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:c8fd574a2ddb034be88d78b49ae22de5fea68679c0a9f1f3e24583ef118fb532_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:f1abc733921423176ccd6bc3b31093c151b84bdfa9a82b1f640a540edbfbf358_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:0bdf70b361111ad28cc4c5a38a52fb7557a7256c45d31b9c187fba4213c1080d_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:20537bc868859605ba1a227b8ffaa4523c03b67093e71e910d8cb3b8fbe0392d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:6481c675623cee9bcabd4a1c3a04d169c46e103c944af5ef69a75fc9bd69dfb8_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:e474929fa188b73d80eee028cd51e54f07157e587071cf60109f4398ea4dce30_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:3cbb5b8c06d7911476e411419ff88a02126e0a6f4f514247e112afc9f939c80f_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:433143f26cf3ebbc1e6492d8e6b96a0fe82dbb46a54859e9a10fef1e5f71842d_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:c7b4a67cf4b2a1fece30e67d57c67d850d6f9866cf6fc39206b4ca09956e4deb_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:f1d3f1a1c0396fa4f3b5496af6a6d2dfc231c8d8bc453774b2c4319bfd00b96e_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:0682e9e4bc9ad2b2b564fa2fa8b022e46729b27e26ec7b14ed2f1fae3e52a0d1_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:2f25f26750ceac18fd9c059eb3f11cc400dc0160d9ca78eded86af360c81d201_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:360d270a9167d79e297b050093209bcc9e0d854045b9ba116192073ce44c662c_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:7d75c8ac498141ba26b4a927dbc4b4426a566da5ba09d4e0017fbf715bd05b27_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:7686b10f4f4091c5e56ce58c6c12f6cff0b7d5fd526fd606e92abf75eb6b13c2_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:c20cc51275c70431b1e730ca48a82942c5385bba90aeb514e01fd3e142c158d0_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:df33172c1cb33952183c80ab0f86c5f414a5103b9eb0757f744103678a6992ff_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:e0c6a368dc6da0906c102aa3587b297e7fe4d4072b5b019a2f3e1a0d54c8053b_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:5596feea40bd5eaf4e97a7eb33c4e7069e802fc921e1fa5fd65b7db9ff99637f_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:b4bf1128add34cd02dbb769b2445af2491cb1fe3b23d8aaecdff3044ecb889be_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:ce70350c29cfb97ebfa8f0782b6c193c1693704cc184c039329df915aeeaaaa2_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:f700beaf7b8466e958876ea71762439e9b7224f34f066a72e3454b7ab450e0cb_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:05a079835148d3cb9357e0c911ba78646748c4373b4f39cb995fc6f6a1d35315_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:43e267abfa4d52a2fb3677406ee8c7a44cb7ddecb94fe13b852546eb4a8c2b99_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:b8ad28fb112c9f076499050ed7f27e1fce701bbc9cf3c1835c113a6a0bd9e915_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:e34860aa425dc582c6e2214d5762a31e84f62d905469b3f130fc3980a03c36b1_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8a3978970e82e80c57d44ef3187049eaf58b715460442363a239bf023db64791_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:bc8fc8ba010f7e49b2c9a1b8994d6de05650f8028b2c6dbb0db3e721ed53cdef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "RHBZ#2439170",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439170"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25990"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa",
"url": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc"
}
],
"release_date": "2026-02-11T20:53:52.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T22:34:16+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5#Upgrading",
"product_ids": [
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:2f9ec28f18893b516b9dadcce88a8efaa908e916305f7b802f250c2283c37cb5_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:3e61238b7400447dfd7999d053e7f701d7c84d62e4a0ef29950c39f3843fb467_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:9bbe1c621a8ee4c960e945c0f1a57c89654314435ea00083abbeb390991c62bb_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:c3451ed3202ea6b8328f1cacd4fe0205df1fa0d3eec3a960873ec493e9d49d67_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6308"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:0f8839e5aee29a659fc87dbe1974d52807b02232b12bfae0a9ee75f72f6822d8_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:cbed194c572c59551a2b73e61d8c3821df77d5a9ca7d2275062c439996a24eb4_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:f501719d54fc49e168385702bb0e1d8432b65f129a56a8fe184557a715956196_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:fe250f135f03aecf8489c1cee9721b9e48549e19d5a609a3d3284fe7d758a34d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:6fd7c632b981a1b0593c6af234c4b40d1046eabebe41ce29f75e1e010e92226a_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:b8d2a7da8627fa6a020330453c9fee31ba37a8eddd2d014fafa5bf3ed838fb5e_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:c264a07ccc7020902897cc9420a76dc590431596fc74696b57e42c2cc658a3f7_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:de9acb254c64d4b5f060867ac81c3c7b92da197bd62914705f47f81c719000f9_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:299e584db6227b51630ff777864b19113e8a1ea8100aa5c1bde092f730f35911_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:3aae092b74e73969f4328e406f804297e44130fea3232db3403db98463e42d9c_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:b77247eccd37c9bc29631142605c6fab3af9d23ebf82b43f049664e44193d377_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:f1eb81b968bdee5bbfa48e25718ac574bdda09c2acf726d9f058e0643585d59d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:009336407c386ffb1f5f1bdb7a38256e73b8b2ec97036f8ab84e7293f517ef8e_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:82e4da659d4bbf036bafee5f598602ec32b7b5f8d3d595287dcf418288bf2147_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:8ee6e0938cc2189984009da95ebd6fb4f5946cf9e1f7ef7aae8d6f40dfc7ab36_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:90d90e31d0afe833778743baf4eb3527402a65c30fdcce149ff8d4820faa3781_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:34bfde79221d2f824177f72d68a877b63bfe88b1f0562741a2dc212f83cb4e62_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c25356366526086b2e85274793b8e9dadf1a04d35515087d4421c74bb9b4bacf_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c5923a2649845cc20cdc2d015442d8007e9e0f77522d652d8af389437681c4ed_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:d91f808a230d11c3b998cbd703fd8fd043188164f61962b5518cda91ad19712b_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:0d79e8c5f3f36c290006c0adbe7c14f57bad10566017f005ae4073905b170136_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:57bf7919da3de08961e4c151b08dab1c756353a4040d0dd66feb72fcfe1cc8ce_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:6d0a4b9c41713e592707a1b93d48f197977bf9eb05aa5e87a083976720061cbb_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:c6d21fc02716334ab7f6c48ba7d102965d197209c5a9fd3b41a6ea65b5da0055_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:48f4971662ddb841e25bb610f72ef5f37eddf482b117786595d80d0931448236_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:6ec99dbde70c05dc5fbd64f81779f75ca8a131c0d3865f1be318a4cd8152ed33_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:783723cc28521153aef6aeaee7786f8bb87e01ef738b90b8b5fb2f2b2fb6c780_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:7c13d95770002e16dbd5dc86ea82f6fc5e70828582b928d9e3388ecded90b67a_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:7188e3f507cdaa346ed930c158379a67104dbdc74535a2b5a541cea60c03a123_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:85c083ae0b2493347cbf1e5885ad56335b1799e545f136118cfe597f39f3df6e_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:c5079720f6ea2ab7fb6b1acc6fa0c3c5087d91507c2fb21bb5b4ebc57953b4cf_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:f250376b2a72ff2e0bd866bbd8142c5e071218351ad62c52cd7b7a6f3baab026_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:0a10e9afd9c3d555a36db84f938973f14fb099164b1ba5068f9e5a9cfec51f01_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:1fcab1dccdd7ab7976ac0a57fad193d9411aecdc82cc24752378589978ab3c83_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:21636d382f0a42b7d87d3b1f4ee53bf73e589bb549750d279ca21f96517d7a3d_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:ac48a386cf9175fa667538475607d8d7444e2d21e77bea8ce8d3bf291c59d4a0_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:0e5a121065f55cb7381d74794dd44b02a564195bca3bdfd9d9a10905fd0995a6_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:3838ae2045ed11b4bfe2c86675a5bebe4f51971d30322af3721969e3e2fca06f_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a23c10d8ea852924e8c89a80cb561b2ed9dbacb13257401181b9b13ddf6786ee_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a592586194e5234cfcc2d783f876713771ac489c530205e87053a60b1dd90e04_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:268a35d7a2bb13547826ec27291d5b48b2abe1d530b49a6085fcdde9410b61f8_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:985cf2d3da53a542a87d98e4b698f53cf9b99e1a09e86b206f42c96833c2b35c_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:9cda51df51a24542cd1cd9cd4c072389340d0e678d82236d38c64568cf5d552d_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:fe9512b0361734dcaa41b19c4f02b36ec45896ff911dd44a9e821fdd60d30374_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:17c4c5a579c802fc9a4ee935ad723f65c63aa63ce3b5e4a91705c12ec59feca6_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:3b3a79cebad3f9230b476752c3a6dc29b3d5179d0a3fcf90707eaf14da11ae84_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:a28642cbd593dcdd8673c4bdac30da6eafba29e8abc4ddeaa12369177b5052c7_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:bd47ed866c9bee7c22e7fafcb959df87f64abdbea9f38603a377216f99be3b43_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:1254e449d313f5f663d056097b9cddbcd7fce91c7a6448b1d4f57c622d9556b3_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:8523ece411bf1842b9309abc7dea7067a26a0efd6cb0510449a6573df820a45c_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:bde426912de4c15616e3b71408f4760fd12172dc97ce15d5511d0094784643eb_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:c87feb6c292b8f95cc840237e3a498eaa3198447f11bb3dd652818e1128bf4a4_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:6547c593ea515750150478d442e17f113fb76ec611f6d7c2ff62223e1742a083_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:d6fe585bac62fd646127894dcb9bf55462daf60a22c8721ee44658fbdd3e99a6_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:e8c26f06cca6450dc68a6160a6d1ababdf0992ed9000f27dea5177b813671653_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:eab05f26b14dd06d7e4f5580a873d8bdb18317abf1e82300da089cba5129bdb4_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:049878acbb0f6297eae90180b88b011d00e954285d3197e2c19bc17e82f67523_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:6624a8e702ff2bc3f07b63a8fec42034c48b41bb187818fd4f2dd8a8f60766cb_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:b829b37753a3d14aebf4d114973f843dfc6e4706cf2375408bab8950ab15d2ff_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:c41ad877f30bc37bd9fe8422c410da12159b8fba7ab9ed0fd174e0d30a1ed125_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:47315b849e1e70f6240f310ed5b6d402f6512973bd94bb70d9138d03b790b1a8_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:8b63224e8726db24bf51a5456ef9ede17299e1d920d57a66c49be8a03d3485ed_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:9a20dbc471286e91b2687c22b692a335b287f8eaba817c0f4b6c31b42a669b94_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:b104daa98ef64f2be52d0066ca490a98ef3380a4516038711972be8c01a16571_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:0b65799b577e98beaa59b850028bbfc2d2b112465d1661cd6ab90fb0dd296695_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:116d10699e27737b256b1ccd035c65334696553d107c1002eb85be69aec4c65a_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:78bb5cce2e05156b39a961747174a819c945298fb2f444ef321de6f2bbd5ac5b_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:9b3fd70beaca874656c8e051fa6b3f04b8cbc99e61278a953832637c8c0fb18a_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:0997e7c2515f817d857c9c3dc157f7adec41553adfc3a22913bd65c90b1c9924_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:bac6445179c1c27314e958b41b3d67b1d34dcb05ac9a360a8fe297ab631d64f7_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:d55d0744741b5fcd00107cc2a443dec11696a5daa453a4d992f1e15c3f4708b2_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:dec36413a14d42948aa73339aaba4e5b22f38ddc364436c66ab9d1a8aac465b3_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1074bbb8a68b75e8c8635bc622bf059cf0ae5bf582d48af31eca9bfc4f4787e8_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1d1f1078e7a5d916a6df61d83b6c38512a4f1e6ca71d91212fd539aa3be4d8ed_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:c8fd574a2ddb034be88d78b49ae22de5fea68679c0a9f1f3e24583ef118fb532_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:f1abc733921423176ccd6bc3b31093c151b84bdfa9a82b1f640a540edbfbf358_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:0bdf70b361111ad28cc4c5a38a52fb7557a7256c45d31b9c187fba4213c1080d_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:20537bc868859605ba1a227b8ffaa4523c03b67093e71e910d8cb3b8fbe0392d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:6481c675623cee9bcabd4a1c3a04d169c46e103c944af5ef69a75fc9bd69dfb8_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:e474929fa188b73d80eee028cd51e54f07157e587071cf60109f4398ea4dce30_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:2f9ec28f18893b516b9dadcce88a8efaa908e916305f7b802f250c2283c37cb5_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:3e61238b7400447dfd7999d053e7f701d7c84d62e4a0ef29950c39f3843fb467_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:9bbe1c621a8ee4c960e945c0f1a57c89654314435ea00083abbeb390991c62bb_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:c3451ed3202ea6b8328f1cacd4fe0205df1fa0d3eec3a960873ec493e9d49d67_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:3cbb5b8c06d7911476e411419ff88a02126e0a6f4f514247e112afc9f939c80f_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:433143f26cf3ebbc1e6492d8e6b96a0fe82dbb46a54859e9a10fef1e5f71842d_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:c7b4a67cf4b2a1fece30e67d57c67d850d6f9866cf6fc39206b4ca09956e4deb_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:f1d3f1a1c0396fa4f3b5496af6a6d2dfc231c8d8bc453774b2c4319bfd00b96e_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:0682e9e4bc9ad2b2b564fa2fa8b022e46729b27e26ec7b14ed2f1fae3e52a0d1_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:2f25f26750ceac18fd9c059eb3f11cc400dc0160d9ca78eded86af360c81d201_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:360d270a9167d79e297b050093209bcc9e0d854045b9ba116192073ce44c662c_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:7d75c8ac498141ba26b4a927dbc4b4426a566da5ba09d4e0017fbf715bd05b27_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:7686b10f4f4091c5e56ce58c6c12f6cff0b7d5fd526fd606e92abf75eb6b13c2_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:c20cc51275c70431b1e730ca48a82942c5385bba90aeb514e01fd3e142c158d0_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:df33172c1cb33952183c80ab0f86c5f414a5103b9eb0757f744103678a6992ff_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:e0c6a368dc6da0906c102aa3587b297e7fe4d4072b5b019a2f3e1a0d54c8053b_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:5596feea40bd5eaf4e97a7eb33c4e7069e802fc921e1fa5fd65b7db9ff99637f_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:b4bf1128add34cd02dbb769b2445af2491cb1fe3b23d8aaecdff3044ecb889be_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:ce70350c29cfb97ebfa8f0782b6c193c1693704cc184c039329df915aeeaaaa2_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:f700beaf7b8466e958876ea71762439e9b7224f34f066a72e3454b7ab450e0cb_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:05a079835148d3cb9357e0c911ba78646748c4373b4f39cb995fc6f6a1d35315_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:43e267abfa4d52a2fb3677406ee8c7a44cb7ddecb94fe13b852546eb4a8c2b99_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:b8ad28fb112c9f076499050ed7f27e1fce701bbc9cf3c1835c113a6a0bd9e915_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:e34860aa425dc582c6e2214d5762a31e84f62d905469b3f130fc3980a03c36b1_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8a3978970e82e80c57d44ef3187049eaf58b715460442363a239bf023db64791_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:bc8fc8ba010f7e49b2c9a1b8994d6de05650f8028b2c6dbb0db3e721ed53cdef_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:0f8839e5aee29a659fc87dbe1974d52807b02232b12bfae0a9ee75f72f6822d8_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:cbed194c572c59551a2b73e61d8c3821df77d5a9ca7d2275062c439996a24eb4_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:f501719d54fc49e168385702bb0e1d8432b65f129a56a8fe184557a715956196_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:fe250f135f03aecf8489c1cee9721b9e48549e19d5a609a3d3284fe7d758a34d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:6fd7c632b981a1b0593c6af234c4b40d1046eabebe41ce29f75e1e010e92226a_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:b8d2a7da8627fa6a020330453c9fee31ba37a8eddd2d014fafa5bf3ed838fb5e_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:c264a07ccc7020902897cc9420a76dc590431596fc74696b57e42c2cc658a3f7_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:de9acb254c64d4b5f060867ac81c3c7b92da197bd62914705f47f81c719000f9_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:299e584db6227b51630ff777864b19113e8a1ea8100aa5c1bde092f730f35911_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:3aae092b74e73969f4328e406f804297e44130fea3232db3403db98463e42d9c_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:b77247eccd37c9bc29631142605c6fab3af9d23ebf82b43f049664e44193d377_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:f1eb81b968bdee5bbfa48e25718ac574bdda09c2acf726d9f058e0643585d59d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:009336407c386ffb1f5f1bdb7a38256e73b8b2ec97036f8ab84e7293f517ef8e_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:82e4da659d4bbf036bafee5f598602ec32b7b5f8d3d595287dcf418288bf2147_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:8ee6e0938cc2189984009da95ebd6fb4f5946cf9e1f7ef7aae8d6f40dfc7ab36_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:90d90e31d0afe833778743baf4eb3527402a65c30fdcce149ff8d4820faa3781_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:34bfde79221d2f824177f72d68a877b63bfe88b1f0562741a2dc212f83cb4e62_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c25356366526086b2e85274793b8e9dadf1a04d35515087d4421c74bb9b4bacf_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c5923a2649845cc20cdc2d015442d8007e9e0f77522d652d8af389437681c4ed_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:d91f808a230d11c3b998cbd703fd8fd043188164f61962b5518cda91ad19712b_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:0d79e8c5f3f36c290006c0adbe7c14f57bad10566017f005ae4073905b170136_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:57bf7919da3de08961e4c151b08dab1c756353a4040d0dd66feb72fcfe1cc8ce_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:6d0a4b9c41713e592707a1b93d48f197977bf9eb05aa5e87a083976720061cbb_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:c6d21fc02716334ab7f6c48ba7d102965d197209c5a9fd3b41a6ea65b5da0055_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:48f4971662ddb841e25bb610f72ef5f37eddf482b117786595d80d0931448236_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:6ec99dbde70c05dc5fbd64f81779f75ca8a131c0d3865f1be318a4cd8152ed33_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:783723cc28521153aef6aeaee7786f8bb87e01ef738b90b8b5fb2f2b2fb6c780_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:7c13d95770002e16dbd5dc86ea82f6fc5e70828582b928d9e3388ecded90b67a_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:7188e3f507cdaa346ed930c158379a67104dbdc74535a2b5a541cea60c03a123_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:85c083ae0b2493347cbf1e5885ad56335b1799e545f136118cfe597f39f3df6e_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:c5079720f6ea2ab7fb6b1acc6fa0c3c5087d91507c2fb21bb5b4ebc57953b4cf_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:f250376b2a72ff2e0bd866bbd8142c5e071218351ad62c52cd7b7a6f3baab026_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:0a10e9afd9c3d555a36db84f938973f14fb099164b1ba5068f9e5a9cfec51f01_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:1fcab1dccdd7ab7976ac0a57fad193d9411aecdc82cc24752378589978ab3c83_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:21636d382f0a42b7d87d3b1f4ee53bf73e589bb549750d279ca21f96517d7a3d_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:ac48a386cf9175fa667538475607d8d7444e2d21e77bea8ce8d3bf291c59d4a0_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:0e5a121065f55cb7381d74794dd44b02a564195bca3bdfd9d9a10905fd0995a6_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:3838ae2045ed11b4bfe2c86675a5bebe4f51971d30322af3721969e3e2fca06f_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a23c10d8ea852924e8c89a80cb561b2ed9dbacb13257401181b9b13ddf6786ee_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a592586194e5234cfcc2d783f876713771ac489c530205e87053a60b1dd90e04_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:268a35d7a2bb13547826ec27291d5b48b2abe1d530b49a6085fcdde9410b61f8_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:985cf2d3da53a542a87d98e4b698f53cf9b99e1a09e86b206f42c96833c2b35c_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:9cda51df51a24542cd1cd9cd4c072389340d0e678d82236d38c64568cf5d552d_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:fe9512b0361734dcaa41b19c4f02b36ec45896ff911dd44a9e821fdd60d30374_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:17c4c5a579c802fc9a4ee935ad723f65c63aa63ce3b5e4a91705c12ec59feca6_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:3b3a79cebad3f9230b476752c3a6dc29b3d5179d0a3fcf90707eaf14da11ae84_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:a28642cbd593dcdd8673c4bdac30da6eafba29e8abc4ddeaa12369177b5052c7_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:bd47ed866c9bee7c22e7fafcb959df87f64abdbea9f38603a377216f99be3b43_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:1254e449d313f5f663d056097b9cddbcd7fce91c7a6448b1d4f57c622d9556b3_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:8523ece411bf1842b9309abc7dea7067a26a0efd6cb0510449a6573df820a45c_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:bde426912de4c15616e3b71408f4760fd12172dc97ce15d5511d0094784643eb_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:c87feb6c292b8f95cc840237e3a498eaa3198447f11bb3dd652818e1128bf4a4_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:6547c593ea515750150478d442e17f113fb76ec611f6d7c2ff62223e1742a083_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:d6fe585bac62fd646127894dcb9bf55462daf60a22c8721ee44658fbdd3e99a6_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:e8c26f06cca6450dc68a6160a6d1ababdf0992ed9000f27dea5177b813671653_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:eab05f26b14dd06d7e4f5580a873d8bdb18317abf1e82300da089cba5129bdb4_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:049878acbb0f6297eae90180b88b011d00e954285d3197e2c19bc17e82f67523_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:6624a8e702ff2bc3f07b63a8fec42034c48b41bb187818fd4f2dd8a8f60766cb_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:b829b37753a3d14aebf4d114973f843dfc6e4706cf2375408bab8950ab15d2ff_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:c41ad877f30bc37bd9fe8422c410da12159b8fba7ab9ed0fd174e0d30a1ed125_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:47315b849e1e70f6240f310ed5b6d402f6512973bd94bb70d9138d03b790b1a8_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:8b63224e8726db24bf51a5456ef9ede17299e1d920d57a66c49be8a03d3485ed_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:9a20dbc471286e91b2687c22b692a335b287f8eaba817c0f4b6c31b42a669b94_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:b104daa98ef64f2be52d0066ca490a98ef3380a4516038711972be8c01a16571_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:0b65799b577e98beaa59b850028bbfc2d2b112465d1661cd6ab90fb0dd296695_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:116d10699e27737b256b1ccd035c65334696553d107c1002eb85be69aec4c65a_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:78bb5cce2e05156b39a961747174a819c945298fb2f444ef321de6f2bbd5ac5b_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:9b3fd70beaca874656c8e051fa6b3f04b8cbc99e61278a953832637c8c0fb18a_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:0997e7c2515f817d857c9c3dc157f7adec41553adfc3a22913bd65c90b1c9924_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:bac6445179c1c27314e958b41b3d67b1d34dcb05ac9a360a8fe297ab631d64f7_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:d55d0744741b5fcd00107cc2a443dec11696a5daa453a4d992f1e15c3f4708b2_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:dec36413a14d42948aa73339aaba4e5b22f38ddc364436c66ab9d1a8aac465b3_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1074bbb8a68b75e8c8635bc622bf059cf0ae5bf582d48af31eca9bfc4f4787e8_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1d1f1078e7a5d916a6df61d83b6c38512a4f1e6ca71d91212fd539aa3be4d8ed_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:c8fd574a2ddb034be88d78b49ae22de5fea68679c0a9f1f3e24583ef118fb532_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:f1abc733921423176ccd6bc3b31093c151b84bdfa9a82b1f640a540edbfbf358_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:0bdf70b361111ad28cc4c5a38a52fb7557a7256c45d31b9c187fba4213c1080d_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:20537bc868859605ba1a227b8ffaa4523c03b67093e71e910d8cb3b8fbe0392d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:6481c675623cee9bcabd4a1c3a04d169c46e103c944af5ef69a75fc9bd69dfb8_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:e474929fa188b73d80eee028cd51e54f07157e587071cf60109f4398ea4dce30_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:2f9ec28f18893b516b9dadcce88a8efaa908e916305f7b802f250c2283c37cb5_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:3e61238b7400447dfd7999d053e7f701d7c84d62e4a0ef29950c39f3843fb467_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:9bbe1c621a8ee4c960e945c0f1a57c89654314435ea00083abbeb390991c62bb_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:c3451ed3202ea6b8328f1cacd4fe0205df1fa0d3eec3a960873ec493e9d49d67_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:3cbb5b8c06d7911476e411419ff88a02126e0a6f4f514247e112afc9f939c80f_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:433143f26cf3ebbc1e6492d8e6b96a0fe82dbb46a54859e9a10fef1e5f71842d_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:c7b4a67cf4b2a1fece30e67d57c67d850d6f9866cf6fc39206b4ca09956e4deb_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:f1d3f1a1c0396fa4f3b5496af6a6d2dfc231c8d8bc453774b2c4319bfd00b96e_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:0682e9e4bc9ad2b2b564fa2fa8b022e46729b27e26ec7b14ed2f1fae3e52a0d1_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:2f25f26750ceac18fd9c059eb3f11cc400dc0160d9ca78eded86af360c81d201_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:360d270a9167d79e297b050093209bcc9e0d854045b9ba116192073ce44c662c_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:7d75c8ac498141ba26b4a927dbc4b4426a566da5ba09d4e0017fbf715bd05b27_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:7686b10f4f4091c5e56ce58c6c12f6cff0b7d5fd526fd606e92abf75eb6b13c2_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:c20cc51275c70431b1e730ca48a82942c5385bba90aeb514e01fd3e142c158d0_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:df33172c1cb33952183c80ab0f86c5f414a5103b9eb0757f744103678a6992ff_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:e0c6a368dc6da0906c102aa3587b297e7fe4d4072b5b019a2f3e1a0d54c8053b_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:5596feea40bd5eaf4e97a7eb33c4e7069e802fc921e1fa5fd65b7db9ff99637f_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:b4bf1128add34cd02dbb769b2445af2491cb1fe3b23d8aaecdff3044ecb889be_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:ce70350c29cfb97ebfa8f0782b6c193c1693704cc184c039329df915aeeaaaa2_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:f700beaf7b8466e958876ea71762439e9b7224f34f066a72e3454b7ab450e0cb_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:05a079835148d3cb9357e0c911ba78646748c4373b4f39cb995fc6f6a1d35315_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:43e267abfa4d52a2fb3677406ee8c7a44cb7ddecb94fe13b852546eb4a8c2b99_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:b8ad28fb112c9f076499050ed7f27e1fce701bbc9cf3c1835c113a6a0bd9e915_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:e34860aa425dc582c6e2214d5762a31e84f62d905469b3f130fc3980a03c36b1_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8a3978970e82e80c57d44ef3187049eaf58b715460442363a239bf023db64791_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:bc8fc8ba010f7e49b2c9a1b8994d6de05650f8028b2c6dbb0db3e721ed53cdef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image"
},
{
"cve": "CVE-2026-26007",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2026-02-10T22:01:01.036116+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:0f8839e5aee29a659fc87dbe1974d52807b02232b12bfae0a9ee75f72f6822d8_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:cbed194c572c59551a2b73e61d8c3821df77d5a9ca7d2275062c439996a24eb4_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:f501719d54fc49e168385702bb0e1d8432b65f129a56a8fe184557a715956196_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:fe250f135f03aecf8489c1cee9721b9e48549e19d5a609a3d3284fe7d758a34d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:6fd7c632b981a1b0593c6af234c4b40d1046eabebe41ce29f75e1e010e92226a_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:b8d2a7da8627fa6a020330453c9fee31ba37a8eddd2d014fafa5bf3ed838fb5e_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:c264a07ccc7020902897cc9420a76dc590431596fc74696b57e42c2cc658a3f7_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:de9acb254c64d4b5f060867ac81c3c7b92da197bd62914705f47f81c719000f9_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:299e584db6227b51630ff777864b19113e8a1ea8100aa5c1bde092f730f35911_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:3aae092b74e73969f4328e406f804297e44130fea3232db3403db98463e42d9c_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:b77247eccd37c9bc29631142605c6fab3af9d23ebf82b43f049664e44193d377_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:f1eb81b968bdee5bbfa48e25718ac574bdda09c2acf726d9f058e0643585d59d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:009336407c386ffb1f5f1bdb7a38256e73b8b2ec97036f8ab84e7293f517ef8e_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:82e4da659d4bbf036bafee5f598602ec32b7b5f8d3d595287dcf418288bf2147_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:8ee6e0938cc2189984009da95ebd6fb4f5946cf9e1f7ef7aae8d6f40dfc7ab36_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:90d90e31d0afe833778743baf4eb3527402a65c30fdcce149ff8d4820faa3781_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:34bfde79221d2f824177f72d68a877b63bfe88b1f0562741a2dc212f83cb4e62_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c25356366526086b2e85274793b8e9dadf1a04d35515087d4421c74bb9b4bacf_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c5923a2649845cc20cdc2d015442d8007e9e0f77522d652d8af389437681c4ed_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:d91f808a230d11c3b998cbd703fd8fd043188164f61962b5518cda91ad19712b_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:0d79e8c5f3f36c290006c0adbe7c14f57bad10566017f005ae4073905b170136_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:57bf7919da3de08961e4c151b08dab1c756353a4040d0dd66feb72fcfe1cc8ce_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:6d0a4b9c41713e592707a1b93d48f197977bf9eb05aa5e87a083976720061cbb_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:c6d21fc02716334ab7f6c48ba7d102965d197209c5a9fd3b41a6ea65b5da0055_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:48f4971662ddb841e25bb610f72ef5f37eddf482b117786595d80d0931448236_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:6ec99dbde70c05dc5fbd64f81779f75ca8a131c0d3865f1be318a4cd8152ed33_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:783723cc28521153aef6aeaee7786f8bb87e01ef738b90b8b5fb2f2b2fb6c780_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:7c13d95770002e16dbd5dc86ea82f6fc5e70828582b928d9e3388ecded90b67a_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:7188e3f507cdaa346ed930c158379a67104dbdc74535a2b5a541cea60c03a123_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:85c083ae0b2493347cbf1e5885ad56335b1799e545f136118cfe597f39f3df6e_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:c5079720f6ea2ab7fb6b1acc6fa0c3c5087d91507c2fb21bb5b4ebc57953b4cf_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:f250376b2a72ff2e0bd866bbd8142c5e071218351ad62c52cd7b7a6f3baab026_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:0a10e9afd9c3d555a36db84f938973f14fb099164b1ba5068f9e5a9cfec51f01_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:1fcab1dccdd7ab7976ac0a57fad193d9411aecdc82cc24752378589978ab3c83_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:21636d382f0a42b7d87d3b1f4ee53bf73e589bb549750d279ca21f96517d7a3d_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:ac48a386cf9175fa667538475607d8d7444e2d21e77bea8ce8d3bf291c59d4a0_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:0e5a121065f55cb7381d74794dd44b02a564195bca3bdfd9d9a10905fd0995a6_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:3838ae2045ed11b4bfe2c86675a5bebe4f51971d30322af3721969e3e2fca06f_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a23c10d8ea852924e8c89a80cb561b2ed9dbacb13257401181b9b13ddf6786ee_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a592586194e5234cfcc2d783f876713771ac489c530205e87053a60b1dd90e04_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:268a35d7a2bb13547826ec27291d5b48b2abe1d530b49a6085fcdde9410b61f8_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:985cf2d3da53a542a87d98e4b698f53cf9b99e1a09e86b206f42c96833c2b35c_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:9cda51df51a24542cd1cd9cd4c072389340d0e678d82236d38c64568cf5d552d_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:fe9512b0361734dcaa41b19c4f02b36ec45896ff911dd44a9e821fdd60d30374_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:17c4c5a579c802fc9a4ee935ad723f65c63aa63ce3b5e4a91705c12ec59feca6_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:3b3a79cebad3f9230b476752c3a6dc29b3d5179d0a3fcf90707eaf14da11ae84_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:a28642cbd593dcdd8673c4bdac30da6eafba29e8abc4ddeaa12369177b5052c7_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:bd47ed866c9bee7c22e7fafcb959df87f64abdbea9f38603a377216f99be3b43_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:1254e449d313f5f663d056097b9cddbcd7fce91c7a6448b1d4f57c622d9556b3_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:8523ece411bf1842b9309abc7dea7067a26a0efd6cb0510449a6573df820a45c_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:bde426912de4c15616e3b71408f4760fd12172dc97ce15d5511d0094784643eb_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:c87feb6c292b8f95cc840237e3a498eaa3198447f11bb3dd652818e1128bf4a4_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:6547c593ea515750150478d442e17f113fb76ec611f6d7c2ff62223e1742a083_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:d6fe585bac62fd646127894dcb9bf55462daf60a22c8721ee44658fbdd3e99a6_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:e8c26f06cca6450dc68a6160a6d1ababdf0992ed9000f27dea5177b813671653_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:eab05f26b14dd06d7e4f5580a873d8bdb18317abf1e82300da089cba5129bdb4_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:049878acbb0f6297eae90180b88b011d00e954285d3197e2c19bc17e82f67523_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:6624a8e702ff2bc3f07b63a8fec42034c48b41bb187818fd4f2dd8a8f60766cb_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:b829b37753a3d14aebf4d114973f843dfc6e4706cf2375408bab8950ab15d2ff_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:c41ad877f30bc37bd9fe8422c410da12159b8fba7ab9ed0fd174e0d30a1ed125_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:47315b849e1e70f6240f310ed5b6d402f6512973bd94bb70d9138d03b790b1a8_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:8b63224e8726db24bf51a5456ef9ede17299e1d920d57a66c49be8a03d3485ed_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:9a20dbc471286e91b2687c22b692a335b287f8eaba817c0f4b6c31b42a669b94_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:b104daa98ef64f2be52d0066ca490a98ef3380a4516038711972be8c01a16571_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:0b65799b577e98beaa59b850028bbfc2d2b112465d1661cd6ab90fb0dd296695_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:116d10699e27737b256b1ccd035c65334696553d107c1002eb85be69aec4c65a_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:78bb5cce2e05156b39a961747174a819c945298fb2f444ef321de6f2bbd5ac5b_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:9b3fd70beaca874656c8e051fa6b3f04b8cbc99e61278a953832637c8c0fb18a_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:0997e7c2515f817d857c9c3dc157f7adec41553adfc3a22913bd65c90b1c9924_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:bac6445179c1c27314e958b41b3d67b1d34dcb05ac9a360a8fe297ab631d64f7_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:d55d0744741b5fcd00107cc2a443dec11696a5daa453a4d992f1e15c3f4708b2_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:dec36413a14d42948aa73339aaba4e5b22f38ddc364436c66ab9d1a8aac465b3_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1074bbb8a68b75e8c8635bc622bf059cf0ae5bf582d48af31eca9bfc4f4787e8_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1d1f1078e7a5d916a6df61d83b6c38512a4f1e6ca71d91212fd539aa3be4d8ed_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:c8fd574a2ddb034be88d78b49ae22de5fea68679c0a9f1f3e24583ef118fb532_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:f1abc733921423176ccd6bc3b31093c151b84bdfa9a82b1f640a540edbfbf358_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:0bdf70b361111ad28cc4c5a38a52fb7557a7256c45d31b9c187fba4213c1080d_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:20537bc868859605ba1a227b8ffaa4523c03b67093e71e910d8cb3b8fbe0392d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:6481c675623cee9bcabd4a1c3a04d169c46e103c944af5ef69a75fc9bd69dfb8_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:e474929fa188b73d80eee028cd51e54f07157e587071cf60109f4398ea4dce30_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:3cbb5b8c06d7911476e411419ff88a02126e0a6f4f514247e112afc9f939c80f_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:433143f26cf3ebbc1e6492d8e6b96a0fe82dbb46a54859e9a10fef1e5f71842d_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:c7b4a67cf4b2a1fece30e67d57c67d850d6f9866cf6fc39206b4ca09956e4deb_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:f1d3f1a1c0396fa4f3b5496af6a6d2dfc231c8d8bc453774b2c4319bfd00b96e_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:7686b10f4f4091c5e56ce58c6c12f6cff0b7d5fd526fd606e92abf75eb6b13c2_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:c20cc51275c70431b1e730ca48a82942c5385bba90aeb514e01fd3e142c158d0_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:df33172c1cb33952183c80ab0f86c5f414a5103b9eb0757f744103678a6992ff_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:e0c6a368dc6da0906c102aa3587b297e7fe4d4072b5b019a2f3e1a0d54c8053b_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:5596feea40bd5eaf4e97a7eb33c4e7069e802fc921e1fa5fd65b7db9ff99637f_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:b4bf1128add34cd02dbb769b2445af2491cb1fe3b23d8aaecdff3044ecb889be_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:ce70350c29cfb97ebfa8f0782b6c193c1693704cc184c039329df915aeeaaaa2_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:f700beaf7b8466e958876ea71762439e9b7224f34f066a72e3454b7ab450e0cb_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:05a079835148d3cb9357e0c911ba78646748c4373b4f39cb995fc6f6a1d35315_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:43e267abfa4d52a2fb3677406ee8c7a44cb7ddecb94fe13b852546eb4a8c2b99_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:b8ad28fb112c9f076499050ed7f27e1fce701bbc9cf3c1835c113a6a0bd9e915_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:e34860aa425dc582c6e2214d5762a31e84f62d905469b3f130fc3980a03c36b1_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8a3978970e82e80c57d44ef3187049eaf58b715460442363a239bf023db64791_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:bc8fc8ba010f7e49b2c9a1b8994d6de05650f8028b2c6dbb0db3e721ed53cdef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438762"
}
],
"notes": [
{
"category": "description",
"text": "A validation flaw has been discovered in the python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor \u003e 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it\u0027s easy to forge signatures on the small subgroup. Only SECT curves are impacted by this.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:2f9ec28f18893b516b9dadcce88a8efaa908e916305f7b802f250c2283c37cb5_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:3e61238b7400447dfd7999d053e7f701d7c84d62e4a0ef29950c39f3843fb467_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:9bbe1c621a8ee4c960e945c0f1a57c89654314435ea00083abbeb390991c62bb_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:c3451ed3202ea6b8328f1cacd4fe0205df1fa0d3eec3a960873ec493e9d49d67_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:0682e9e4bc9ad2b2b564fa2fa8b022e46729b27e26ec7b14ed2f1fae3e52a0d1_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:2f25f26750ceac18fd9c059eb3f11cc400dc0160d9ca78eded86af360c81d201_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:360d270a9167d79e297b050093209bcc9e0d854045b9ba116192073ce44c662c_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:7d75c8ac498141ba26b4a927dbc4b4426a566da5ba09d4e0017fbf715bd05b27_arm64"
],
"known_not_affected": [
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:0f8839e5aee29a659fc87dbe1974d52807b02232b12bfae0a9ee75f72f6822d8_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:cbed194c572c59551a2b73e61d8c3821df77d5a9ca7d2275062c439996a24eb4_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:f501719d54fc49e168385702bb0e1d8432b65f129a56a8fe184557a715956196_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:fe250f135f03aecf8489c1cee9721b9e48549e19d5a609a3d3284fe7d758a34d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:6fd7c632b981a1b0593c6af234c4b40d1046eabebe41ce29f75e1e010e92226a_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:b8d2a7da8627fa6a020330453c9fee31ba37a8eddd2d014fafa5bf3ed838fb5e_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:c264a07ccc7020902897cc9420a76dc590431596fc74696b57e42c2cc658a3f7_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:de9acb254c64d4b5f060867ac81c3c7b92da197bd62914705f47f81c719000f9_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:299e584db6227b51630ff777864b19113e8a1ea8100aa5c1bde092f730f35911_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:3aae092b74e73969f4328e406f804297e44130fea3232db3403db98463e42d9c_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:b77247eccd37c9bc29631142605c6fab3af9d23ebf82b43f049664e44193d377_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:f1eb81b968bdee5bbfa48e25718ac574bdda09c2acf726d9f058e0643585d59d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:009336407c386ffb1f5f1bdb7a38256e73b8b2ec97036f8ab84e7293f517ef8e_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:82e4da659d4bbf036bafee5f598602ec32b7b5f8d3d595287dcf418288bf2147_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:8ee6e0938cc2189984009da95ebd6fb4f5946cf9e1f7ef7aae8d6f40dfc7ab36_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:90d90e31d0afe833778743baf4eb3527402a65c30fdcce149ff8d4820faa3781_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:34bfde79221d2f824177f72d68a877b63bfe88b1f0562741a2dc212f83cb4e62_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c25356366526086b2e85274793b8e9dadf1a04d35515087d4421c74bb9b4bacf_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c5923a2649845cc20cdc2d015442d8007e9e0f77522d652d8af389437681c4ed_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:d91f808a230d11c3b998cbd703fd8fd043188164f61962b5518cda91ad19712b_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:0d79e8c5f3f36c290006c0adbe7c14f57bad10566017f005ae4073905b170136_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:57bf7919da3de08961e4c151b08dab1c756353a4040d0dd66feb72fcfe1cc8ce_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:6d0a4b9c41713e592707a1b93d48f197977bf9eb05aa5e87a083976720061cbb_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:c6d21fc02716334ab7f6c48ba7d102965d197209c5a9fd3b41a6ea65b5da0055_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:48f4971662ddb841e25bb610f72ef5f37eddf482b117786595d80d0931448236_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:6ec99dbde70c05dc5fbd64f81779f75ca8a131c0d3865f1be318a4cd8152ed33_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:783723cc28521153aef6aeaee7786f8bb87e01ef738b90b8b5fb2f2b2fb6c780_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:7c13d95770002e16dbd5dc86ea82f6fc5e70828582b928d9e3388ecded90b67a_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:7188e3f507cdaa346ed930c158379a67104dbdc74535a2b5a541cea60c03a123_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:85c083ae0b2493347cbf1e5885ad56335b1799e545f136118cfe597f39f3df6e_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:c5079720f6ea2ab7fb6b1acc6fa0c3c5087d91507c2fb21bb5b4ebc57953b4cf_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:f250376b2a72ff2e0bd866bbd8142c5e071218351ad62c52cd7b7a6f3baab026_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:0a10e9afd9c3d555a36db84f938973f14fb099164b1ba5068f9e5a9cfec51f01_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:1fcab1dccdd7ab7976ac0a57fad193d9411aecdc82cc24752378589978ab3c83_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:21636d382f0a42b7d87d3b1f4ee53bf73e589bb549750d279ca21f96517d7a3d_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:ac48a386cf9175fa667538475607d8d7444e2d21e77bea8ce8d3bf291c59d4a0_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:0e5a121065f55cb7381d74794dd44b02a564195bca3bdfd9d9a10905fd0995a6_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:3838ae2045ed11b4bfe2c86675a5bebe4f51971d30322af3721969e3e2fca06f_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a23c10d8ea852924e8c89a80cb561b2ed9dbacb13257401181b9b13ddf6786ee_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a592586194e5234cfcc2d783f876713771ac489c530205e87053a60b1dd90e04_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:268a35d7a2bb13547826ec27291d5b48b2abe1d530b49a6085fcdde9410b61f8_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:985cf2d3da53a542a87d98e4b698f53cf9b99e1a09e86b206f42c96833c2b35c_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:9cda51df51a24542cd1cd9cd4c072389340d0e678d82236d38c64568cf5d552d_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:fe9512b0361734dcaa41b19c4f02b36ec45896ff911dd44a9e821fdd60d30374_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:17c4c5a579c802fc9a4ee935ad723f65c63aa63ce3b5e4a91705c12ec59feca6_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:3b3a79cebad3f9230b476752c3a6dc29b3d5179d0a3fcf90707eaf14da11ae84_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:a28642cbd593dcdd8673c4bdac30da6eafba29e8abc4ddeaa12369177b5052c7_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:bd47ed866c9bee7c22e7fafcb959df87f64abdbea9f38603a377216f99be3b43_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:1254e449d313f5f663d056097b9cddbcd7fce91c7a6448b1d4f57c622d9556b3_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:8523ece411bf1842b9309abc7dea7067a26a0efd6cb0510449a6573df820a45c_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:bde426912de4c15616e3b71408f4760fd12172dc97ce15d5511d0094784643eb_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:c87feb6c292b8f95cc840237e3a498eaa3198447f11bb3dd652818e1128bf4a4_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:6547c593ea515750150478d442e17f113fb76ec611f6d7c2ff62223e1742a083_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:d6fe585bac62fd646127894dcb9bf55462daf60a22c8721ee44658fbdd3e99a6_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:e8c26f06cca6450dc68a6160a6d1ababdf0992ed9000f27dea5177b813671653_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:eab05f26b14dd06d7e4f5580a873d8bdb18317abf1e82300da089cba5129bdb4_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:049878acbb0f6297eae90180b88b011d00e954285d3197e2c19bc17e82f67523_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:6624a8e702ff2bc3f07b63a8fec42034c48b41bb187818fd4f2dd8a8f60766cb_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:b829b37753a3d14aebf4d114973f843dfc6e4706cf2375408bab8950ab15d2ff_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:c41ad877f30bc37bd9fe8422c410da12159b8fba7ab9ed0fd174e0d30a1ed125_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:47315b849e1e70f6240f310ed5b6d402f6512973bd94bb70d9138d03b790b1a8_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:8b63224e8726db24bf51a5456ef9ede17299e1d920d57a66c49be8a03d3485ed_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:9a20dbc471286e91b2687c22b692a335b287f8eaba817c0f4b6c31b42a669b94_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:b104daa98ef64f2be52d0066ca490a98ef3380a4516038711972be8c01a16571_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:0b65799b577e98beaa59b850028bbfc2d2b112465d1661cd6ab90fb0dd296695_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:116d10699e27737b256b1ccd035c65334696553d107c1002eb85be69aec4c65a_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:78bb5cce2e05156b39a961747174a819c945298fb2f444ef321de6f2bbd5ac5b_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:9b3fd70beaca874656c8e051fa6b3f04b8cbc99e61278a953832637c8c0fb18a_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:0997e7c2515f817d857c9c3dc157f7adec41553adfc3a22913bd65c90b1c9924_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:bac6445179c1c27314e958b41b3d67b1d34dcb05ac9a360a8fe297ab631d64f7_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:d55d0744741b5fcd00107cc2a443dec11696a5daa453a4d992f1e15c3f4708b2_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:dec36413a14d42948aa73339aaba4e5b22f38ddc364436c66ab9d1a8aac465b3_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1074bbb8a68b75e8c8635bc622bf059cf0ae5bf582d48af31eca9bfc4f4787e8_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1d1f1078e7a5d916a6df61d83b6c38512a4f1e6ca71d91212fd539aa3be4d8ed_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:c8fd574a2ddb034be88d78b49ae22de5fea68679c0a9f1f3e24583ef118fb532_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:f1abc733921423176ccd6bc3b31093c151b84bdfa9a82b1f640a540edbfbf358_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:0bdf70b361111ad28cc4c5a38a52fb7557a7256c45d31b9c187fba4213c1080d_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:20537bc868859605ba1a227b8ffaa4523c03b67093e71e910d8cb3b8fbe0392d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:6481c675623cee9bcabd4a1c3a04d169c46e103c944af5ef69a75fc9bd69dfb8_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:e474929fa188b73d80eee028cd51e54f07157e587071cf60109f4398ea4dce30_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:3cbb5b8c06d7911476e411419ff88a02126e0a6f4f514247e112afc9f939c80f_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:433143f26cf3ebbc1e6492d8e6b96a0fe82dbb46a54859e9a10fef1e5f71842d_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:c7b4a67cf4b2a1fece30e67d57c67d850d6f9866cf6fc39206b4ca09956e4deb_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:f1d3f1a1c0396fa4f3b5496af6a6d2dfc231c8d8bc453774b2c4319bfd00b96e_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:7686b10f4f4091c5e56ce58c6c12f6cff0b7d5fd526fd606e92abf75eb6b13c2_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:c20cc51275c70431b1e730ca48a82942c5385bba90aeb514e01fd3e142c158d0_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:df33172c1cb33952183c80ab0f86c5f414a5103b9eb0757f744103678a6992ff_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:e0c6a368dc6da0906c102aa3587b297e7fe4d4072b5b019a2f3e1a0d54c8053b_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:5596feea40bd5eaf4e97a7eb33c4e7069e802fc921e1fa5fd65b7db9ff99637f_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:b4bf1128add34cd02dbb769b2445af2491cb1fe3b23d8aaecdff3044ecb889be_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:ce70350c29cfb97ebfa8f0782b6c193c1693704cc184c039329df915aeeaaaa2_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:f700beaf7b8466e958876ea71762439e9b7224f34f066a72e3454b7ab450e0cb_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:05a079835148d3cb9357e0c911ba78646748c4373b4f39cb995fc6f6a1d35315_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:43e267abfa4d52a2fb3677406ee8c7a44cb7ddecb94fe13b852546eb4a8c2b99_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:b8ad28fb112c9f076499050ed7f27e1fce701bbc9cf3c1835c113a6a0bd9e915_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:e34860aa425dc582c6e2214d5762a31e84f62d905469b3f130fc3980a03c36b1_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8a3978970e82e80c57d44ef3187049eaf58b715460442363a239bf023db64791_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:bc8fc8ba010f7e49b2c9a1b8994d6de05650f8028b2c6dbb0db3e721ed53cdef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26007"
},
{
"category": "external",
"summary": "RHBZ#2438762",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438762"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26007"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26007",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26007"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c",
"url": "https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2"
}
],
"release_date": "2026-02-10T21:42:56.471000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T22:34:16+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\nFor details on how to apply this update, refer to:\nhttps://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5#Upgrading",
"product_ids": [
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:2f9ec28f18893b516b9dadcce88a8efaa908e916305f7b802f250c2283c37cb5_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:3e61238b7400447dfd7999d053e7f701d7c84d62e4a0ef29950c39f3843fb467_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:9bbe1c621a8ee4c960e945c0f1a57c89654314435ea00083abbeb390991c62bb_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:c3451ed3202ea6b8328f1cacd4fe0205df1fa0d3eec3a960873ec493e9d49d67_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:0682e9e4bc9ad2b2b564fa2fa8b022e46729b27e26ec7b14ed2f1fae3e52a0d1_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:2f25f26750ceac18fd9c059eb3f11cc400dc0160d9ca78eded86af360c81d201_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:360d270a9167d79e297b050093209bcc9e0d854045b9ba116192073ce44c662c_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:7d75c8ac498141ba26b4a927dbc4b4426a566da5ba09d4e0017fbf715bd05b27_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6308"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:0f8839e5aee29a659fc87dbe1974d52807b02232b12bfae0a9ee75f72f6822d8_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:cbed194c572c59551a2b73e61d8c3821df77d5a9ca7d2275062c439996a24eb4_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:f501719d54fc49e168385702bb0e1d8432b65f129a56a8fe184557a715956196_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:fe250f135f03aecf8489c1cee9721b9e48549e19d5a609a3d3284fe7d758a34d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:6fd7c632b981a1b0593c6af234c4b40d1046eabebe41ce29f75e1e010e92226a_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:b8d2a7da8627fa6a020330453c9fee31ba37a8eddd2d014fafa5bf3ed838fb5e_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:c264a07ccc7020902897cc9420a76dc590431596fc74696b57e42c2cc658a3f7_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:de9acb254c64d4b5f060867ac81c3c7b92da197bd62914705f47f81c719000f9_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:299e584db6227b51630ff777864b19113e8a1ea8100aa5c1bde092f730f35911_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:3aae092b74e73969f4328e406f804297e44130fea3232db3403db98463e42d9c_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:b77247eccd37c9bc29631142605c6fab3af9d23ebf82b43f049664e44193d377_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:f1eb81b968bdee5bbfa48e25718ac574bdda09c2acf726d9f058e0643585d59d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:009336407c386ffb1f5f1bdb7a38256e73b8b2ec97036f8ab84e7293f517ef8e_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:82e4da659d4bbf036bafee5f598602ec32b7b5f8d3d595287dcf418288bf2147_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:8ee6e0938cc2189984009da95ebd6fb4f5946cf9e1f7ef7aae8d6f40dfc7ab36_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:90d90e31d0afe833778743baf4eb3527402a65c30fdcce149ff8d4820faa3781_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:34bfde79221d2f824177f72d68a877b63bfe88b1f0562741a2dc212f83cb4e62_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c25356366526086b2e85274793b8e9dadf1a04d35515087d4421c74bb9b4bacf_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c5923a2649845cc20cdc2d015442d8007e9e0f77522d652d8af389437681c4ed_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:d91f808a230d11c3b998cbd703fd8fd043188164f61962b5518cda91ad19712b_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:0d79e8c5f3f36c290006c0adbe7c14f57bad10566017f005ae4073905b170136_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:57bf7919da3de08961e4c151b08dab1c756353a4040d0dd66feb72fcfe1cc8ce_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:6d0a4b9c41713e592707a1b93d48f197977bf9eb05aa5e87a083976720061cbb_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:c6d21fc02716334ab7f6c48ba7d102965d197209c5a9fd3b41a6ea65b5da0055_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:48f4971662ddb841e25bb610f72ef5f37eddf482b117786595d80d0931448236_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:6ec99dbde70c05dc5fbd64f81779f75ca8a131c0d3865f1be318a4cd8152ed33_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:783723cc28521153aef6aeaee7786f8bb87e01ef738b90b8b5fb2f2b2fb6c780_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:7c13d95770002e16dbd5dc86ea82f6fc5e70828582b928d9e3388ecded90b67a_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:7188e3f507cdaa346ed930c158379a67104dbdc74535a2b5a541cea60c03a123_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:85c083ae0b2493347cbf1e5885ad56335b1799e545f136118cfe597f39f3df6e_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:c5079720f6ea2ab7fb6b1acc6fa0c3c5087d91507c2fb21bb5b4ebc57953b4cf_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:f250376b2a72ff2e0bd866bbd8142c5e071218351ad62c52cd7b7a6f3baab026_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:0a10e9afd9c3d555a36db84f938973f14fb099164b1ba5068f9e5a9cfec51f01_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:1fcab1dccdd7ab7976ac0a57fad193d9411aecdc82cc24752378589978ab3c83_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:21636d382f0a42b7d87d3b1f4ee53bf73e589bb549750d279ca21f96517d7a3d_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:ac48a386cf9175fa667538475607d8d7444e2d21e77bea8ce8d3bf291c59d4a0_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:0e5a121065f55cb7381d74794dd44b02a564195bca3bdfd9d9a10905fd0995a6_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:3838ae2045ed11b4bfe2c86675a5bebe4f51971d30322af3721969e3e2fca06f_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a23c10d8ea852924e8c89a80cb561b2ed9dbacb13257401181b9b13ddf6786ee_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a592586194e5234cfcc2d783f876713771ac489c530205e87053a60b1dd90e04_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:268a35d7a2bb13547826ec27291d5b48b2abe1d530b49a6085fcdde9410b61f8_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:985cf2d3da53a542a87d98e4b698f53cf9b99e1a09e86b206f42c96833c2b35c_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:9cda51df51a24542cd1cd9cd4c072389340d0e678d82236d38c64568cf5d552d_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:fe9512b0361734dcaa41b19c4f02b36ec45896ff911dd44a9e821fdd60d30374_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:17c4c5a579c802fc9a4ee935ad723f65c63aa63ce3b5e4a91705c12ec59feca6_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:3b3a79cebad3f9230b476752c3a6dc29b3d5179d0a3fcf90707eaf14da11ae84_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:a28642cbd593dcdd8673c4bdac30da6eafba29e8abc4ddeaa12369177b5052c7_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:bd47ed866c9bee7c22e7fafcb959df87f64abdbea9f38603a377216f99be3b43_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:1254e449d313f5f663d056097b9cddbcd7fce91c7a6448b1d4f57c622d9556b3_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:8523ece411bf1842b9309abc7dea7067a26a0efd6cb0510449a6573df820a45c_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:bde426912de4c15616e3b71408f4760fd12172dc97ce15d5511d0094784643eb_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:c87feb6c292b8f95cc840237e3a498eaa3198447f11bb3dd652818e1128bf4a4_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:6547c593ea515750150478d442e17f113fb76ec611f6d7c2ff62223e1742a083_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:d6fe585bac62fd646127894dcb9bf55462daf60a22c8721ee44658fbdd3e99a6_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:e8c26f06cca6450dc68a6160a6d1ababdf0992ed9000f27dea5177b813671653_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:eab05f26b14dd06d7e4f5580a873d8bdb18317abf1e82300da089cba5129bdb4_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:049878acbb0f6297eae90180b88b011d00e954285d3197e2c19bc17e82f67523_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:6624a8e702ff2bc3f07b63a8fec42034c48b41bb187818fd4f2dd8a8f60766cb_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:b829b37753a3d14aebf4d114973f843dfc6e4706cf2375408bab8950ab15d2ff_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:c41ad877f30bc37bd9fe8422c410da12159b8fba7ab9ed0fd174e0d30a1ed125_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:47315b849e1e70f6240f310ed5b6d402f6512973bd94bb70d9138d03b790b1a8_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:8b63224e8726db24bf51a5456ef9ede17299e1d920d57a66c49be8a03d3485ed_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:9a20dbc471286e91b2687c22b692a335b287f8eaba817c0f4b6c31b42a669b94_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:b104daa98ef64f2be52d0066ca490a98ef3380a4516038711972be8c01a16571_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:0b65799b577e98beaa59b850028bbfc2d2b112465d1661cd6ab90fb0dd296695_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:116d10699e27737b256b1ccd035c65334696553d107c1002eb85be69aec4c65a_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:78bb5cce2e05156b39a961747174a819c945298fb2f444ef321de6f2bbd5ac5b_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:9b3fd70beaca874656c8e051fa6b3f04b8cbc99e61278a953832637c8c0fb18a_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:0997e7c2515f817d857c9c3dc157f7adec41553adfc3a22913bd65c90b1c9924_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:bac6445179c1c27314e958b41b3d67b1d34dcb05ac9a360a8fe297ab631d64f7_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:d55d0744741b5fcd00107cc2a443dec11696a5daa453a4d992f1e15c3f4708b2_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:dec36413a14d42948aa73339aaba4e5b22f38ddc364436c66ab9d1a8aac465b3_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1074bbb8a68b75e8c8635bc622bf059cf0ae5bf582d48af31eca9bfc4f4787e8_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1d1f1078e7a5d916a6df61d83b6c38512a4f1e6ca71d91212fd539aa3be4d8ed_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:c8fd574a2ddb034be88d78b49ae22de5fea68679c0a9f1f3e24583ef118fb532_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:f1abc733921423176ccd6bc3b31093c151b84bdfa9a82b1f640a540edbfbf358_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:0bdf70b361111ad28cc4c5a38a52fb7557a7256c45d31b9c187fba4213c1080d_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:20537bc868859605ba1a227b8ffaa4523c03b67093e71e910d8cb3b8fbe0392d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:6481c675623cee9bcabd4a1c3a04d169c46e103c944af5ef69a75fc9bd69dfb8_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:e474929fa188b73d80eee028cd51e54f07157e587071cf60109f4398ea4dce30_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:2f9ec28f18893b516b9dadcce88a8efaa908e916305f7b802f250c2283c37cb5_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:3e61238b7400447dfd7999d053e7f701d7c84d62e4a0ef29950c39f3843fb467_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:9bbe1c621a8ee4c960e945c0f1a57c89654314435ea00083abbeb390991c62bb_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:c3451ed3202ea6b8328f1cacd4fe0205df1fa0d3eec3a960873ec493e9d49d67_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:3cbb5b8c06d7911476e411419ff88a02126e0a6f4f514247e112afc9f939c80f_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:433143f26cf3ebbc1e6492d8e6b96a0fe82dbb46a54859e9a10fef1e5f71842d_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:c7b4a67cf4b2a1fece30e67d57c67d850d6f9866cf6fc39206b4ca09956e4deb_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:f1d3f1a1c0396fa4f3b5496af6a6d2dfc231c8d8bc453774b2c4319bfd00b96e_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:0682e9e4bc9ad2b2b564fa2fa8b022e46729b27e26ec7b14ed2f1fae3e52a0d1_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:2f25f26750ceac18fd9c059eb3f11cc400dc0160d9ca78eded86af360c81d201_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:360d270a9167d79e297b050093209bcc9e0d854045b9ba116192073ce44c662c_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:7d75c8ac498141ba26b4a927dbc4b4426a566da5ba09d4e0017fbf715bd05b27_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:7686b10f4f4091c5e56ce58c6c12f6cff0b7d5fd526fd606e92abf75eb6b13c2_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:c20cc51275c70431b1e730ca48a82942c5385bba90aeb514e01fd3e142c158d0_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:df33172c1cb33952183c80ab0f86c5f414a5103b9eb0757f744103678a6992ff_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:e0c6a368dc6da0906c102aa3587b297e7fe4d4072b5b019a2f3e1a0d54c8053b_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:5596feea40bd5eaf4e97a7eb33c4e7069e802fc921e1fa5fd65b7db9ff99637f_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:b4bf1128add34cd02dbb769b2445af2491cb1fe3b23d8aaecdff3044ecb889be_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:ce70350c29cfb97ebfa8f0782b6c193c1693704cc184c039329df915aeeaaaa2_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:f700beaf7b8466e958876ea71762439e9b7224f34f066a72e3454b7ab450e0cb_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:05a079835148d3cb9357e0c911ba78646748c4373b4f39cb995fc6f6a1d35315_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:43e267abfa4d52a2fb3677406ee8c7a44cb7ddecb94fe13b852546eb4a8c2b99_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:b8ad28fb112c9f076499050ed7f27e1fce701bbc9cf3c1835c113a6a0bd9e915_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:e34860aa425dc582c6e2214d5762a31e84f62d905469b3f130fc3980a03c36b1_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8a3978970e82e80c57d44ef3187049eaf58b715460442363a239bf023db64791_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:bc8fc8ba010f7e49b2c9a1b8994d6de05650f8028b2c6dbb0db3e721ed53cdef_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:0f8839e5aee29a659fc87dbe1974d52807b02232b12bfae0a9ee75f72f6822d8_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:cbed194c572c59551a2b73e61d8c3821df77d5a9ca7d2275062c439996a24eb4_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:f501719d54fc49e168385702bb0e1d8432b65f129a56a8fe184557a715956196_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/aap-must-gather-rhel8@sha256:fe250f135f03aecf8489c1cee9721b9e48549e19d5a609a3d3284fe7d758a34d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:6fd7c632b981a1b0593c6af234c4b40d1046eabebe41ce29f75e1e010e92226a_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:b8d2a7da8627fa6a020330453c9fee31ba37a8eddd2d014fafa5bf3ed838fb5e_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:c264a07ccc7020902897cc9420a76dc590431596fc74696b57e42c2cc658a3f7_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-builder-rhel8@sha256:de9acb254c64d4b5f060867ac81c3c7b92da197bd62914705f47f81c719000f9_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:299e584db6227b51630ff777864b19113e8a1ea8100aa5c1bde092f730f35911_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:3aae092b74e73969f4328e406f804297e44130fea3232db3403db98463e42d9c_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:b77247eccd37c9bc29631142605c6fab3af9d23ebf82b43f049664e44193d377_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-dev-tools-rhel8@sha256:f1eb81b968bdee5bbfa48e25718ac574bdda09c2acf726d9f058e0643585d59d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:009336407c386ffb1f5f1bdb7a38256e73b8b2ec97036f8ab84e7293f517ef8e_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:82e4da659d4bbf036bafee5f598602ec32b7b5f8d3d595287dcf418288bf2147_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:8ee6e0938cc2189984009da95ebd6fb4f5946cf9e1f7ef7aae8d6f40dfc7ab36_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-base-rhel8@sha256:90d90e31d0afe833778743baf4eb3527402a65c30fdcce149ff8d4820faa3781_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:34bfde79221d2f824177f72d68a877b63bfe88b1f0562741a2dc212f83cb4e62_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c25356366526086b2e85274793b8e9dadf1a04d35515087d4421c74bb9b4bacf_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:c5923a2649845cc20cdc2d015442d8007e9e0f77522d652d8af389437681c4ed_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ansible-python-toolkit-rhel8@sha256:d91f808a230d11c3b998cbd703fd8fd043188164f61962b5518cda91ad19712b_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:0d79e8c5f3f36c290006c0adbe7c14f57bad10566017f005ae4073905b170136_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:57bf7919da3de08961e4c151b08dab1c756353a4040d0dd66feb72fcfe1cc8ce_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:6d0a4b9c41713e592707a1b93d48f197977bf9eb05aa5e87a083976720061cbb_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8-operator@sha256:c6d21fc02716334ab7f6c48ba7d102965d197209c5a9fd3b41a6ea65b5da0055_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:48f4971662ddb841e25bb610f72ef5f37eddf482b117786595d80d0931448236_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:6ec99dbde70c05dc5fbd64f81779f75ca8a131c0d3865f1be318a4cd8152ed33_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:783723cc28521153aef6aeaee7786f8bb87e01ef738b90b8b5fb2f2b2fb6c780_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/controller-rhel8@sha256:7c13d95770002e16dbd5dc86ea82f6fc5e70828582b928d9e3388ecded90b67a_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:7188e3f507cdaa346ed930c158379a67104dbdc74535a2b5a541cea60c03a123_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:85c083ae0b2493347cbf1e5885ad56335b1799e545f136118cfe597f39f3df6e_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:c5079720f6ea2ab7fb6b1acc6fa0c3c5087d91507c2fb21bb5b4ebc57953b4cf_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-minimal-rhel8@sha256:f250376b2a72ff2e0bd866bbd8142c5e071218351ad62c52cd7b7a6f3baab026_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:0a10e9afd9c3d555a36db84f938973f14fb099164b1ba5068f9e5a9cfec51f01_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:1fcab1dccdd7ab7976ac0a57fad193d9411aecdc82cc24752378589978ab3c83_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:21636d382f0a42b7d87d3b1f4ee53bf73e589bb549750d279ca21f96517d7a3d_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/de-supported-rhel8@sha256:ac48a386cf9175fa667538475607d8d7444e2d21e77bea8ce8d3bf291c59d4a0_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:0e5a121065f55cb7381d74794dd44b02a564195bca3bdfd9d9a10905fd0995a6_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:3838ae2045ed11b4bfe2c86675a5bebe4f51971d30322af3721969e3e2fca06f_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a23c10d8ea852924e8c89a80cb561b2ed9dbacb13257401181b9b13ddf6786ee_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8-operator@sha256:a592586194e5234cfcc2d783f876713771ac489c530205e87053a60b1dd90e04_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:268a35d7a2bb13547826ec27291d5b48b2abe1d530b49a6085fcdde9410b61f8_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:985cf2d3da53a542a87d98e4b698f53cf9b99e1a09e86b206f42c96833c2b35c_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:9cda51df51a24542cd1cd9cd4c072389340d0e678d82236d38c64568cf5d552d_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-rhel8@sha256:fe9512b0361734dcaa41b19c4f02b36ec45896ff911dd44a9e821fdd60d30374_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:17c4c5a579c802fc9a4ee935ad723f65c63aa63ce3b5e4a91705c12ec59feca6_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:3b3a79cebad3f9230b476752c3a6dc29b3d5179d0a3fcf90707eaf14da11ae84_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:a28642cbd593dcdd8673c4bdac30da6eafba29e8abc4ddeaa12369177b5052c7_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/eda-controller-ui-rhel8@sha256:bd47ed866c9bee7c22e7fafcb959df87f64abdbea9f38603a377216f99be3b43_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:1254e449d313f5f663d056097b9cddbcd7fce91c7a6448b1d4f57c622d9556b3_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:8523ece411bf1842b9309abc7dea7067a26a0efd6cb0510449a6573df820a45c_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:bde426912de4c15616e3b71408f4760fd12172dc97ce15d5511d0094784643eb_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-minimal-rhel8@sha256:c87feb6c292b8f95cc840237e3a498eaa3198447f11bb3dd652818e1128bf4a4_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:6547c593ea515750150478d442e17f113fb76ec611f6d7c2ff62223e1742a083_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:d6fe585bac62fd646127894dcb9bf55462daf60a22c8721ee44658fbdd3e99a6_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:e8c26f06cca6450dc68a6160a6d1ababdf0992ed9000f27dea5177b813671653_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/ee-supported-rhel8@sha256:eab05f26b14dd06d7e4f5580a873d8bdb18317abf1e82300da089cba5129bdb4_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:049878acbb0f6297eae90180b88b011d00e954285d3197e2c19bc17e82f67523_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:6624a8e702ff2bc3f07b63a8fec42034c48b41bb187818fd4f2dd8a8f60766cb_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:b829b37753a3d14aebf4d114973f843dfc6e4706cf2375408bab8950ab15d2ff_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-proxy-rhel8@sha256:c41ad877f30bc37bd9fe8422c410da12159b8fba7ab9ed0fd174e0d30a1ed125_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:47315b849e1e70f6240f310ed5b6d402f6512973bd94bb70d9138d03b790b1a8_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:8b63224e8726db24bf51a5456ef9ede17299e1d920d57a66c49be8a03d3485ed_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:9a20dbc471286e91b2687c22b692a335b287f8eaba817c0f4b6c31b42a669b94_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8-operator@sha256:b104daa98ef64f2be52d0066ca490a98ef3380a4516038711972be8c01a16571_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:0b65799b577e98beaa59b850028bbfc2d2b112465d1661cd6ab90fb0dd296695_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:116d10699e27737b256b1ccd035c65334696553d107c1002eb85be69aec4c65a_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:78bb5cce2e05156b39a961747174a819c945298fb2f444ef321de6f2bbd5ac5b_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/gateway-rhel8@sha256:9b3fd70beaca874656c8e051fa6b3f04b8cbc99e61278a953832637c8c0fb18a_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:0997e7c2515f817d857c9c3dc157f7adec41553adfc3a22913bd65c90b1c9924_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:bac6445179c1c27314e958b41b3d67b1d34dcb05ac9a360a8fe297ab631d64f7_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:d55d0744741b5fcd00107cc2a443dec11696a5daa453a4d992f1e15c3f4708b2_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8-operator@sha256:dec36413a14d42948aa73339aaba4e5b22f38ddc364436c66ab9d1a8aac465b3_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1074bbb8a68b75e8c8635bc622bf059cf0ae5bf582d48af31eca9bfc4f4787e8_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:1d1f1078e7a5d916a6df61d83b6c38512a4f1e6ca71d91212fd539aa3be4d8ed_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:c8fd574a2ddb034be88d78b49ae22de5fea68679c0a9f1f3e24583ef118fb532_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-rhel8@sha256:f1abc733921423176ccd6bc3b31093c151b84bdfa9a82b1f640a540edbfbf358_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:0bdf70b361111ad28cc4c5a38a52fb7557a7256c45d31b9c187fba4213c1080d_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:20537bc868859605ba1a227b8ffaa4523c03b67093e71e910d8cb3b8fbe0392d_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:6481c675623cee9bcabd4a1c3a04d169c46e103c944af5ef69a75fc9bd69dfb8_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/hub-web-rhel8@sha256:e474929fa188b73d80eee028cd51e54f07157e587071cf60109f4398ea4dce30_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:2f9ec28f18893b516b9dadcce88a8efaa908e916305f7b802f250c2283c37cb5_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:3e61238b7400447dfd7999d053e7f701d7c84d62e4a0ef29950c39f3843fb467_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:9bbe1c621a8ee4c960e945c0f1a57c89654314435ea00083abbeb390991c62bb_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-chatbot-rhel8@sha256:c3451ed3202ea6b8328f1cacd4fe0205df1fa0d3eec3a960873ec493e9d49d67_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:3cbb5b8c06d7911476e411419ff88a02126e0a6f4f514247e112afc9f939c80f_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:433143f26cf3ebbc1e6492d8e6b96a0fe82dbb46a54859e9a10fef1e5f71842d_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:c7b4a67cf4b2a1fece30e67d57c67d850d6f9866cf6fc39206b4ca09956e4deb_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8-operator@sha256:f1d3f1a1c0396fa4f3b5496af6a6d2dfc231c8d8bc453774b2c4319bfd00b96e_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:0682e9e4bc9ad2b2b564fa2fa8b022e46729b27e26ec7b14ed2f1fae3e52a0d1_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:2f25f26750ceac18fd9c059eb3f11cc400dc0160d9ca78eded86af360c81d201_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:360d270a9167d79e297b050093209bcc9e0d854045b9ba116192073ce44c662c_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/lightspeed-rhel8@sha256:7d75c8ac498141ba26b4a927dbc4b4426a566da5ba09d4e0017fbf715bd05b27_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:7686b10f4f4091c5e56ce58c6c12f6cff0b7d5fd526fd606e92abf75eb6b13c2_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:c20cc51275c70431b1e730ca48a82942c5385bba90aeb514e01fd3e142c158d0_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:df33172c1cb33952183c80ab0f86c5f414a5103b9eb0757f744103678a6992ff_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-rhel8-operator@sha256:e0c6a368dc6da0906c102aa3587b297e7fe4d4072b5b019a2f3e1a0d54c8053b_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:5596feea40bd5eaf4e97a7eb33c4e7069e802fc921e1fa5fd65b7db9ff99637f_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:b4bf1128add34cd02dbb769b2445af2491cb1fe3b23d8aaecdff3044ecb889be_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:ce70350c29cfb97ebfa8f0782b6c193c1693704cc184c039329df915aeeaaaa2_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/platform-resource-runner-rhel8@sha256:f700beaf7b8466e958876ea71762439e9b7224f34f066a72e3454b7ab450e0cb_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:05a079835148d3cb9357e0c911ba78646748c4373b4f39cb995fc6f6a1d35315_arm64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:43e267abfa4d52a2fb3677406ee8c7a44cb7ddecb94fe13b852546eb4a8c2b99_s390x",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:b8ad28fb112c9f076499050ed7f27e1fce701bbc9cf3c1835c113a6a0bd9e915_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform-25/receptor-rhel8@sha256:e34860aa425dc582c6e2214d5762a31e84f62d905469b3f130fc3980a03c36b1_ppc64le",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:8a3978970e82e80c57d44ef3187049eaf58b715460442363a239bf023db64791_amd64",
"Red Hat Ansible Automation Platform 2.5:registry.redhat.io/ansible-automation-platform/platform-operator-bundle@sha256:bc8fc8ba010f7e49b2c9a1b8994d6de05650f8028b2c6dbb0db3e721ed53cdef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves"
}
]
}
RHSA-2026:4942
Vulnerability from csaf_redhat - Published: 2026-03-18 16:21 - Updated: 2026-03-31 22:57Summary
Red Hat Security Advisory: Red Hat Quay 3.12.15
Severity
Critical
Notes
Topic: Red Hat Quay 3.12.15 is now available with bug fixes.
Details: Quay 3.12.15
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:4942
Workaround
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:4942
Workaround
To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:4942
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.
7.4 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:4942
A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts.
7.1 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:4942
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:4942
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.
7.3 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:4942
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:4942
A flaw was found in pypdf. Processing a specially crafted PDF document, specifically with circular /Prev references in the cross-reference (xref) chain, can cause an infinite loop and a high consumption of CPU, resulting in a denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:4942
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:4942
A flaw was found in Authlib, a Python library used for creating secure authentication and authorization systems. This vulnerability, known as JWK (JSON Web Key) Header Injection, affects how Authlib verifies digital signatures in JWS (JSON Web Signature) tokens. An attacker can exploit this by creating a specially crafted token that includes their own cryptographic key in the header. When the system attempts to verify this token without a predefined key, it mistakenly uses the attacker's key, allowing them to bypass authentication and gain unauthorized access.
9.1 (Critical)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:4942
A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remote attacker can exploit this vulnerability by crafting a malicious JSON Web Token (JWT) with a "none" algorithm and an empty signature. This bypasses the expected signature verification, potentially allowing the attacker to forge tokens and gain unauthorized access or perform unauthorized actions within applications using Authlib.
9.1 (Critical)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:4942
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.12.15 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.12.15",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:4942",
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61729",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24049",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25990",
"url": "https://access.redhat.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26996",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27628",
"url": "https://access.redhat.com/security/cve/CVE-2026-27628"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27904",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27962",
"url": "https://access.redhat.com/security/cve/CVE-2026-27962"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-28802",
"url": "https://access.redhat.com/security/cve/CVE-2026-28802"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_4942.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.12.15",
"tracking": {
"current_release_date": "2026-03-31T22:57:02+00:00",
"generator": {
"date": "2026-03-31T22:57:02+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.4"
}
},
"id": "RHSA-2026:4942",
"initial_release_date": "2026-03-18T16:21:15+00:00",
"revision_history": [
{
"date": "2026-03-18T16:21:15+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-18T16:21:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-31T22:57:02+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.12",
"product": {
"name": "Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.12::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773766026"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Aa5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765467"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3A5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765999"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765477"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Ac3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772132933"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772054202"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772054192"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3Af4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773775889"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773761676"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773771962"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765467"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Af15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765477"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772054202"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772054192"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Add1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773761676"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773771962"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765467"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765477"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1772054202"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Ad547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1772054192"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773761676"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773771962"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765467"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773765477"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1772054202"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1772054192"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773761676"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Ae39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773771962"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64 as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x as a component of Red Hat Quay 3.12",
"product_id": "Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x",
"relates_to_product_reference": "Red Hat Quay 3.12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: Unexpected session resumption in crypto/tls",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: Unexpected session resumption in crypto/tls"
},
{
"cve": "CVE-2026-24049",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-01-22T05:00:54.709179+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431959"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "RHBZ#2431959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24049",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef",
"url": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/releases/tag/0.46.2",
"url": "https://github.com/pypa/wheel/releases/tag/0.46.2"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx",
"url": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx"
}
],
"release_date": "2026-01-22T04:02:08.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking"
},
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
},
{
"cve": "CVE-2026-25990",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-02-11T21:05:39.535631+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439170"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "RHBZ#2439170",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439170"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25990"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa",
"url": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc"
}
],
"release_date": "2026-02-11T20:53:52.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image"
},
{
"cve": "CVE-2026-26996",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-20T04:01:11.896063+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441268"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: minimatch: Denial of Service via specially crafted glob patterns",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "RHBZ#2441268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5",
"url": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26"
}
],
"release_date": "2026-02-20T03:05:21.105000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns"
},
{
"cve": "CVE-2026-27628",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2026-02-25T04:02:09.864561+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442543"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pypdf. Processing a specially crafted PDF document, specifically with circular /Prev references in the cross-reference (xref) chain, can cause an infinite loop and a high consumption of CPU, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pypdf: possible infinite loop when loading circular /Prev entries in cross-reference streams",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to supply a crafted PDF file to be processed by an application using the pypdf library. This issue can cause the application to enter an infinite loop and consume a high amount of CPU resources, eventually resulting in a denial of service with no other security impact. Due to these reasons, this vulnerability has been rated with a moderate impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27628"
},
{
"category": "external",
"summary": "RHBZ#2442543",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442543"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27628",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27628"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27628",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27628"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/commit/0fbd95938724ad2d72688d4112207c0590f0483f",
"url": "https://github.com/py-pdf/pypdf/commit/0fbd95938724ad2d72688d4112207c0590f0483f"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/issues/3654",
"url": "https://github.com/py-pdf/pypdf/issues/3654"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35",
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35"
}
],
"release_date": "2026-02-25T02:45:37.543000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "pypdf: possible infinite loop when loading circular /Prev entries in cross-reference streams"
},
{
"cve": "CVE-2026-27904",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-26T02:01:23.004531+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442922"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "RHBZ#2442922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442922"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74"
}
],
"release_date": "2026-02-26T01:07:42.693000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions"
},
{
"cve": "CVE-2026-27962",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-16T18:02:07.041902+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448164"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Authlib, a Python library used for creating secure authentication and authorization systems. This vulnerability, known as JWK (JSON Web Key) Header Injection, affects how Authlib verifies digital signatures in JWS (JSON Web Signature) tokens. An attacker can exploit this by creating a specially crafted token that includes their own cryptographic key in the header. When the system attempts to verify this token without a predefined key, it mistakenly uses the attacker\u0027s key, allowing them to bypass authentication and gain unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib: Authentication bypass due to JWK Header Injection vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This critical vulnerability in Authlib\u0027s JWS implementation allows unauthenticated attackers to forge JWTs by embedding their own cryptographic key in the token header. Impact is high to confidentiality and integrity as attackers can bypass authentication.\n\nThe impact for Red Hat Quay is rated as low because it imports authlib solely as a JWK parsing utility and performs all JWT signature verification through PyJWT, so the vulnerable jws.deserialize_compact() code path is never called.\n\nRed Hat OpenShift AI is not affected, since authlib is only present as a transitive dependency in the dev dependency group and is not included in production image builds, so the vulnerable code is not present in the shipped product.\n\nRed Hat Satellite is not affected, as authlib is only present as a dependency of fastmcp. In Satellite, fastmcp only invokes authlib using jwt.decode() which isn\u0027t able to reach the vulnerability condition even with key=none.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27962"
},
{
"category": "external",
"summary": "RHBZ#2448164",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448164"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27962",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27962"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27962",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27962"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/a5d4b2d4c9e46bfa11c82f85fdc2bcc0b50ae681",
"url": "https://github.com/authlib/authlib/commit/a5d4b2d4c9e46bfa11c82f85fdc2bcc0b50ae681"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/releases/tag/v1.6.9",
"url": "https://github.com/authlib/authlib/releases/tag/v1.6.9"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-wvwj-cvrp-7pv5",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-wvwj-cvrp-7pv5"
}
],
"release_date": "2026-03-16T17:34:38.946000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "authlib: Authlib: Authentication bypass due to JWK Header Injection vulnerability"
},
{
"cve": "CVE-2026-28802",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-06T07:01:49.366979+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445120"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remote attacker can exploit this vulnerability by crafting a malicious JSON Web Token (JWT) with a \"none\" algorithm and an empty signature. This bypasses the expected signature verification, potentially allowing the attacker to forge tokens and gain unauthorized access or perform unauthorized actions within applications using Authlib.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib: Signature verification bypass via malicious JWT allows unauthorized access",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28802"
},
{
"category": "external",
"summary": "RHBZ#2445120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445120"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28802",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28802"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28802",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28802"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75",
"url": "https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7",
"url": "https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg"
}
],
"release_date": "2026-03-06T06:44:26.402000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-18T16:21:15+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4942"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:44efb07888bff09040aa413babedb3eed6ae9f329cb923ae9e09f2c65c507dd3_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:6421325d2c7f726c34e365442ba15e8dce873aa4b3087239c0d6514feb702d6d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:9ca58008c4b6d439afa2d9286252c85c1845ca4764e9c5e914ffbbc12684178e_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/clair-rhel8@sha256:d547771f59990e5f90668bdb967120d92c6b12e6b6666f935510ae839a5b8f46_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:5c95eca6b2fb921c444c04c03cff58a301ce8d127b43369e4791b3295c06f95c_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:26718ccb95dc9c16e9a68affd07c8f1ad9c4e5c86164827278aa165f7e047d2c_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:60b48ecb4c6d6769ad65b841142affc252abd5bb484532f8063097f13ba311db_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:80315fc3e515b6824fea23d86995354821089da0433696024a091e79e8526dad_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:f15f0ecb4db302df6d1cfbd7982b92e4911b774ed718c4ae6c6bf454154bcb1d_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c3fcc8881b3cc3f44cd0f50825366b1e2462386ade01c6d7f50957720a2cb0ee_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:15a526a64adaaa0d711e1f6f91d92e7a31385ea5596bd80cd61d01b247899309_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:1dd39e160ca0759d55e636d7a849fb3c89dbf5d52484e3059e3c8a4ef251b4ce_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:4c1bce7e8d7de7fd8cfd98de842a6efd75c3c8f1add02646b6bc0b427a1d55f7_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-builder-rhel8@sha256:821a1a8274bed06ef5cf595656d919a2f0171fc2eaad04897b526159752d3066_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:04536d34e96ea1a8a5e3f54d55f1483bd017cdae867790e10ae18f6e4443d282_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:041f90dc8ecb773ba6c09d0a5f0b3660c5c4e81f1641bd823b37c7e33d966bca_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:66a357f4f825a657b8f0548901aef392421726e8bf2085806d15bbb9a6eb70bd_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6c90db8ea68ed0afd44aed2f773a8aea115c028fe6635ea87020d3e3fcb4fb90_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:a5c4bfea66cf0109f309bf70391748febdbb01c576ab5ec6a77be0d7729de13f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-bundle@sha256:f4777e6f609dc915c82a0b69a07bf7bbefb8762ed0012b5e45a3a5de858592b9_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:1f87190bc1a9a0d5854572b6d39a00069b95c79cfe7c63a4562aa7fcbcee4c83_s390x",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:448968df737e1fe9efbe549ce6cded18b2a6c544b96aa4550f15f7d803d4a2af_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:48ca0b3afbfdc52d0407f2e3d62addffc65ac1f71abac7ebb643a52138753a93_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-operator-rhel8@sha256:dd1db128bff6a9784c185e3f3ce5304a089489cb52b23212a8457f275d779ec1_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f_amd64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:4076a739c16c0567def8339bff5e8adca2f995217ae55428061cd0136a7e7a21_arm64",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:56bcc55b01c76a1eb7ad8b265cf9dfdd488fc62bc353e3822864a0f6c4f98ffb_ppc64le",
"Red Hat Quay 3.12:registry.redhat.io/quay/quay-rhel8@sha256:e39ee513b081c979409b52c41db9222496868b3910c01b5c04de6f3206f467b5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "authlib: Authlib: Signature verification bypass via malicious JWT allows unauthorized access"
}
]
}
RHSA-2026:5665
Vulnerability from csaf_redhat - Published: 2026-03-24 18:02 - Updated: 2026-03-31 22:57Summary
Red Hat Security Advisory: Red Hat Quay 3.10.19
Severity
Important
Notes
Topic: Red Hat Quay 3.10.19 is now available with bug fixes.
Details: Quay 3.10.19
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5665
Workaround
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5665
Workaround
To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.
7.4 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5665
A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5665
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.
7.3 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5665
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A validation flaw has been discovered in the python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor > 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it's easy to forge signatures on the small subgroup. Only SECT curves are impacted by this.
7.4 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5665
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5665
A flaw was found in Rollup, a JavaScript module bundler. Insecure file name sanitization in the core engine allows an attacker to control output filenames, potentially through command-line interface (CLI) inputs, manual chunk aliases, or malicious plugins. By using directory traversal sequences (`../`), an attacker can overwrite files anywhere on the host filesystem where the build process has write permissions. This vulnerability can lead to persistent remote code execution (RCE) by overwriting critical system or user configuration files.
9.1 (Critical)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5665
A flaw was found in pypdf. Processing a specially crafted PDF document, specifically with circular /Prev references in the cross-reference (xref) chain, can cause an infinite loop and a high consumption of CPU, resulting in a denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5665
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).
6.5 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5665
A flaw was found in Authlib, a Python library used for creating secure authentication and authorization systems. This vulnerability, known as JWK (JSON Web Key) Header Injection, affects how Authlib verifies digital signatures in JWS (JSON Web Signature) tokens. An attacker can exploit this by creating a specially crafted token that includes their own cryptographic key in the header. When the system attempts to verify this token without a predefined key, it mistakenly uses the attacker's key, allowing them to bypass authentication and gain unauthorized access.
9.1 (Critical)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5665
A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remote attacker can exploit this vulnerability by crafting a malicious JSON Web Token (JWT) with a "none" algorithm and an empty signature. This bypasses the expected signature verification, potentially allowing the attacker to forge tokens and gain unauthorized access or perform unauthorized actions within applications using Authlib.
9.1 (Critical)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2026:5665
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.10.19 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.10.19",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:5665",
"url": "https://access.redhat.com/errata/RHSA-2026:5665"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61726",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61728",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-68121",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25639",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25990",
"url": "https://access.redhat.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26007",
"url": "https://access.redhat.com/security/cve/CVE-2026-26007"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-26996",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27606",
"url": "https://access.redhat.com/security/cve/CVE-2026-27606"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27628",
"url": "https://access.redhat.com/security/cve/CVE-2026-27628"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27904",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27962",
"url": "https://access.redhat.com/security/cve/CVE-2026-27962"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-28802",
"url": "https://access.redhat.com/security/cve/CVE-2026-28802"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_5665.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.10.19",
"tracking": {
"current_release_date": "2026-03-31T22:57:12+00:00",
"generator": {
"date": "2026-03-31T22:57:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.4"
}
},
"id": "RHSA-2026:5665",
"initial_release_date": "2026-03-24T18:02:58+00:00",
"revision_history": [
{
"date": "2026-03-24T18:02:58+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-24T18:03:04+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-31T22:57:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.1",
"product": {
"name": "Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.10::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774022275"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774021695"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3A042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774022278"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3Afe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774021704"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772739218"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772726823"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Acaa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1772725047"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3Ae165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774022285"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Ade004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1774021722"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Ac0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1773971077"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1774021695"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1774021704"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Aba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1772726823"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1772725047"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1774021722"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1773971077"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Aedd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1774021695"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1774021704"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1772726823"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Ad59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1772725047"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1774021722"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Af6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1773971077"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64 as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"relates_to_product_reference": "Red Hat Quay 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x as a component of Red Hat Quay 3.1",
"product_id": "Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x",
"relates_to_product_reference": "Red Hat Quay 3.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T18:02:58+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5665"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61728",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:39.965024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434431"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A Go application processing a malicious archive can become unresponsive or crash, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker needs to be able to process a malicious zip archive with an application using the archive/zip package. Additionally, this vulnerability can cause a Go application to consume an excessive amount of CPU and memory, eventually resulting in a denial of service with no other security impact. Due to these reasons, this flaw has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61728"
},
{
"category": "external",
"summary": "RHBZ#2434431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434431"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61728"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61728"
},
{
"category": "external",
"summary": "https://go.dev/cl/736713",
"url": "https://go.dev/cl/736713"
},
{
"category": "external",
"summary": "https://go.dev/issue/77102",
"url": "https://go.dev/issue/77102"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4342",
"url": "https://pkg.go.dev/vuln/GO-2026-4342"
}
],
"release_date": "2026-01-28T19:30:31.354000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T18:02:58+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5665"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, implement a timeout in your archive/zip processing logic to abort the operation if it exceeds a few seconds, preventing the application from consuming an excessive amount of resources.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: Unexpected session resumption in crypto/tls",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T18:02:58+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5665"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: Unexpected session resumption in crypto/tls"
},
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T18:02:58+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5665"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
},
{
"cve": "CVE-2026-25990",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-02-11T21:05:39.535631+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439170"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "RHBZ#2439170",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439170"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25990"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa",
"url": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc"
}
],
"release_date": "2026-02-11T20:53:52.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T18:02:58+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5665"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image"
},
{
"cve": "CVE-2026-26007",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2026-02-10T22:01:01.036116+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438762"
}
],
"notes": [
{
"category": "description",
"text": "A validation flaw has been discovered in the python cryptography package. This missing validation allows an attacker to provide a public key point P from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as S = [victim_private_key]P via ECDH, this leaks information about victim_private_key mod (small_subgroup_order). For curves with cofactor \u003e 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it\u0027s easy to forge signatures on the small subgroup. Only SECT curves are impacted by this.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26007"
},
{
"category": "external",
"summary": "RHBZ#2438762",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438762"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26007"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26007",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26007"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c",
"url": "https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c"
},
{
"category": "external",
"summary": "https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2",
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2"
}
],
"release_date": "2026-02-10T21:42:56.471000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T18:02:58+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5665"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves"
},
{
"cve": "CVE-2026-26996",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-20T04:01:11.896063+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2441268"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this Regular Expression Denial of Service (ReDoS) vulnerability by providing a specially crafted glob pattern. This pattern, containing numerous consecutive wildcard characters, causes excessive processing and exponential backtracking in the regular expression engine. Successful exploitation leads to a Denial of Service (DoS), making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: minimatch: Denial of Service via specially crafted glob patterns",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-26996"
},
{
"category": "external",
"summary": "RHBZ#2441268",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26996"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5",
"url": "https://github.com/isaacs/minimatch/commit/2e111f3a79abc00fa73110195de2c0f2351904f5"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-3ppc-4f35-3m26"
}
],
"release_date": "2026-02-20T03:05:21.105000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T18:02:58+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5665"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: minimatch: Denial of Service via specially crafted glob patterns"
},
{
"cve": "CVE-2026-27606",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-02-25T04:01:24.449922+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442530"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Rollup, a JavaScript module bundler. Insecure file name sanitization in the core engine allows an attacker to control output filenames, potentially through command-line interface (CLI) inputs, manual chunk aliases, or malicious plugins. By using directory traversal sequences (`../`), an attacker can overwrite files anywhere on the host filesystem where the build process has write permissions. This vulnerability can lead to persistent remote code execution (RCE) by overwriting critical system or user configuration files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rollup: Rollup: Remote Code Execution via Path Traversal Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27606"
},
{
"category": "external",
"summary": "RHBZ#2442530",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442530"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27606",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27606"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27606",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27606"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2",
"url": "https://github.com/rollup/rollup/commit/c60770d7aaf750e512c1b2774989ea4596e660b2"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e",
"url": "https://github.com/rollup/rollup/commit/c8cf1f9c48c516285758c1e11f08a54f304fd44e"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3",
"url": "https://github.com/rollup/rollup/commit/d6dee5e99bb82aac0bee1df4ab9efbde455452c3"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/releases/tag/v2.80.0",
"url": "https://github.com/rollup/rollup/releases/tag/v2.80.0"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/releases/tag/v3.30.0",
"url": "https://github.com/rollup/rollup/releases/tag/v3.30.0"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/releases/tag/v4.59.0",
"url": "https://github.com/rollup/rollup/releases/tag/v4.59.0"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/security/advisories/GHSA-mw96-cpmx-2vgc",
"url": "https://github.com/rollup/rollup/security/advisories/GHSA-mw96-cpmx-2vgc"
}
],
"release_date": "2026-02-25T02:08:06.682000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T18:02:58+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5665"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "rollup: Rollup: Remote Code Execution via Path Traversal Vulnerability"
},
{
"cve": "CVE-2026-27628",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2026-02-25T04:02:09.864561+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442543"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pypdf. Processing a specially crafted PDF document, specifically with circular /Prev references in the cross-reference (xref) chain, can cause an infinite loop and a high consumption of CPU, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pypdf: possible infinite loop when loading circular /Prev entries in cross-reference streams",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to supply a crafted PDF file to be processed by an application using the pypdf library. This issue can cause the application to enter an infinite loop and consume a high amount of CPU resources, eventually resulting in a denial of service with no other security impact. Due to these reasons, this vulnerability has been rated with a moderate impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27628"
},
{
"category": "external",
"summary": "RHBZ#2442543",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442543"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27628",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27628"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27628",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27628"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/commit/0fbd95938724ad2d72688d4112207c0590f0483f",
"url": "https://github.com/py-pdf/pypdf/commit/0fbd95938724ad2d72688d4112207c0590f0483f"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/issues/3654",
"url": "https://github.com/py-pdf/pypdf/issues/3654"
},
{
"category": "external",
"summary": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35",
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35"
}
],
"release_date": "2026-02-25T02:45:37.543000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T18:02:58+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5665"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "pypdf: possible infinite loop when loading circular /Prev entries in cross-reference streams"
},
{
"cve": "CVE-2026-27904",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-26T02:01:23.004531+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442922"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "RHBZ#2442922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442922"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74"
}
],
"release_date": "2026-02-26T01:07:42.693000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T18:02:58+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5665"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions"
},
{
"cve": "CVE-2026-27962",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-16T18:02:07.041902+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448164"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Authlib, a Python library used for creating secure authentication and authorization systems. This vulnerability, known as JWK (JSON Web Key) Header Injection, affects how Authlib verifies digital signatures in JWS (JSON Web Signature) tokens. An attacker can exploit this by creating a specially crafted token that includes their own cryptographic key in the header. When the system attempts to verify this token without a predefined key, it mistakenly uses the attacker\u0027s key, allowing them to bypass authentication and gain unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib: Authentication bypass due to JWK Header Injection vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This critical vulnerability in Authlib\u0027s JWS implementation allows unauthenticated attackers to forge JWTs by embedding their own cryptographic key in the token header. Impact is high to confidentiality and integrity as attackers can bypass authentication.\n\nThe impact for Red Hat Quay is rated as low because it imports authlib solely as a JWK parsing utility and performs all JWT signature verification through PyJWT, so the vulnerable jws.deserialize_compact() code path is never called.\n\nRed Hat OpenShift AI is not affected, since authlib is only present as a transitive dependency in the dev dependency group and is not included in production image builds, so the vulnerable code is not present in the shipped product.\n\nRed Hat Satellite is not affected, as authlib is only present as a dependency of fastmcp. In Satellite, fastmcp only invokes authlib using jwt.decode() which isn\u0027t able to reach the vulnerability condition even with key=none.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27962"
},
{
"category": "external",
"summary": "RHBZ#2448164",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448164"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27962",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27962"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27962",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27962"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/a5d4b2d4c9e46bfa11c82f85fdc2bcc0b50ae681",
"url": "https://github.com/authlib/authlib/commit/a5d4b2d4c9e46bfa11c82f85fdc2bcc0b50ae681"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/releases/tag/v1.6.9",
"url": "https://github.com/authlib/authlib/releases/tag/v1.6.9"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-wvwj-cvrp-7pv5",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-wvwj-cvrp-7pv5"
}
],
"release_date": "2026-03-16T17:34:38.946000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T18:02:58+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5665"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "authlib: Authlib: Authentication bypass due to JWK Header Injection vulnerability"
},
{
"cve": "CVE-2026-28802",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-06T07:01:49.366979+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445120"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Authlib, a Python library for building OAuth and OpenID Connect servers. A remote attacker can exploit this vulnerability by crafting a malicious JSON Web Token (JWT) with a \"none\" algorithm and an empty signature. This bypasses the expected signature verification, potentially allowing the attacker to forge tokens and gain unauthorized access or perform unauthorized actions within applications using Authlib.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib: Signature verification bypass via malicious JWT allows unauthorized access",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-28802"
},
{
"category": "external",
"summary": "RHBZ#2445120",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445120"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-28802",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28802"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28802",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28802"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75",
"url": "https://github.com/authlib/authlib/commit/a61c2acb807496e67f32051b5f1b1d5ccf8f0a75"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7",
"url": "https://github.com/authlib/authlib/commit/b87c32ed07b8ae7f805873e1c9cafd1016761df7"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-7wc2-qxgw-g8gg"
}
],
"release_date": "2026-03-06T06:44:26.402000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-24T18:02:58+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:5665"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:733de3a7351b69265aee8d12c7fe65f60e099c923510758a75c8800409126c41_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:caa20d6002cfd42dc4ab86dee5dde07da0a7e1dcc310c9be33bf28a2df1ef82b_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/clair-rhel8@sha256:d59935575d41174ccd39a7d7610b44d7e6afa0f56041bdefa40bc7ad4e1c837f_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:042530fcf03002da68993546ee82f483f387bd09ffe5fefaad9344b80ee842b1_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3fb6c2af69237c3ff2cd326bc655028392a2d11c9162b85a9c4a762cbe7d044b_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:4d88d159b8a0e46a8508735f555179c6b08caef62d42e5fb676fdac10e333f58_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:fe1c94521b952469093c28ca9805c6758b4ac2ec6e3aa2a2001645e304949a21_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:443977ffd46161f026a30edfb8735139b7c430ca7b054b71ada75fc251226c99_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:5558d6af86f65a79c88f1ffe290b49219d0f00c93ec8a03f0e81d0e9e13501fc_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:9e96b505901615f671d5b99094bda544ecbce32a3772125f2baf5f0ea67d5687_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-builder-rhel8@sha256:ba56dd8ef744ea12e21ade86c91a9faca072e39256f98edd677a419eeae8e7a0_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:7e7559212648d972eec26d27cad42b1f93fefcc61c6ab884a730a48c81574734_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:6bf4ab153aa99b67b1e3fe0cbf0fa3e3694d3394c957fc03a5578d03cb2e88bc_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:720000552d67523e437f0638abf185ae32040f1437225fc461be499490494ce7_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:edd76ba97d059e00755472146df0c84ff441c77e7cea12b9f5cd460f0c30e942_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-bundle@sha256:e165eed009ce74a4ad2de04ff1cbbcf9eabb3900bef6de3dd2483e484e9e10b3_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0731cf4122bec0cef7c4f05ee19fe43871d977515c91e0decce981abeab85af6_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:0c8ad49237e784b6bcaf48c62928533a231026b1605926edee0313d3a83c10c4_s390x",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-operator-rhel8@sha256:de004a925cd7fdae3ba4698165c0a4e814607b6f33d2f7154c8d79b76c826dd7_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e_ppc64le",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:c0d00643c4ac6f84e5327192a29c6353b5dcac34d483d0a3e5f39d366127fcc2_amd64",
"Red Hat Quay 3.1:registry.redhat.io/quay/quay-rhel8@sha256:f6a231ebb14c74e194a8091822fe6a981e1cec92d223e04e6d0f12b60206259a_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "authlib: Authlib: Signature verification bypass via malicious JWT allows unauthorized access"
}
]
}
RHSA-2026:3462
Vulnerability from csaf_redhat - Published: 2026-02-27 14:55 - Updated: 2026-03-31 22:56Summary
Red Hat Security Advisory: Red Hat AI Inference Server 3.2.2 (ROCm)
Severity
Critical
Notes
Topic: Red Hat AI Inference Server 3.2.2 (ROCm) is now available.
Details: Red Hat® AI Inference Server
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in ray. The job submission API allows a remote attacker to execute arbitrary code due to insufficient input validation. An unauthenticated attacker can trigger this vulnerability by sending a malicious job submission request. Successful exploitation results in arbitrary code execution on the affected Ray cluster.
CWE-918 - Server-Side Request Forgery (SSRF)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3462
An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.
7.5 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3462
A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.
7.5 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3462
A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.
CWE-1188 - Initialization of a Resource with an Insecure Default
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3462
A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.
8.1 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3462
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A Server-Side Request Forgery (SSRF) vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The load_from_url and load_from_url_async methods fetch and process media from user-provided URLs without adequate restrictions on the target hosts. This allows an attacker to coerce the vLLM server into making arbitrary requests to internal network resources.
7.1 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3462
Workaround
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.
7.7 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3462
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in libtiff. The `get_histogram` function in `file/tiffmedian.c` exhibits a use-after-free condition when processing a specially crafted file, allowing a local attacker to trigger memory corruption. This manipulation results in a use-after-free vulnerability, and can lead to a denial of service.
7.8 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3462
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).
5.6 (Medium)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3462
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in libxstl/libxml2. The 'exsltDynMapFunction' function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling 'dyn:map()', leading to stack exhaustion and a local denial of service.
6.2 (Medium)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3462
Workaround
The impact of this flaw may be reduced by setting strict resource limits to the stack size of processes at the operational system level. This can be achieved either through the 'ulimit' shell built-in or the 'limits.conf' file.
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.
8.8 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3462
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.
9.8 (Critical)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3462
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, ".")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.
7.5 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3462
Workaround
To mitigate this vulnerability, it is recommended to pre-validate any payloads passed to `go-jose` to check that they do not contain an excessive amount of `.` characters.
A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange.
7.5 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3462
Workaround
This flaw can be mitigated when using the client only connecting to trusted servers.
A path handling flaw has been discovered in the os/exec go package. If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned.
6.5 (Medium)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3462
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console bind-mounts. When creating the /dev/console bind-mount (to /dev/pts/$n), if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount the symlink target over /dev/console.
8.2 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3462
Workaround
Potential mitigations for this issue include:
* Using user namespaces, with the host root user not mapped into the container's namespace. procfs file permissions are managed using Unix DAC and thus user namespaces stop a container process from being able to write to them.
* Not running as a root user in the container (this includes disabling setuid binaries with noNewPrivileges). As above, procfs file permissions are managed using Unix DAC and thus non-root users cannot write to them.
* The default SELinux policy should mitigate this issue, as the /dev/console bind-mount does not re-label the mount and so the container process should not be able to write to unsafe procfs files. However, CVE-2025-52881 allows an attacker to bypass LSM labels, and so this mitigation is not helpful when considered in combination with CVE-2025-52881.
* The default AppArmor profile used by most runtimes will NOT help mitigate this issue, as /dev/console access is permitted. You could create a custom profile that blocks access to /dev/console, but such a profile might break regular containers. In addition, CVE-2025-52881 allows an attacker to bypass LSM labels, and so that mitigation is not helpful when considered in combination with CVE-2025-52881.
A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.
4.1 (Medium)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3462
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.
4.1 (Medium)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3462
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.
5.3 (Medium)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3462
Workaround
To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.
A flaw was found in vLLM’s API token authentication logic, where token comparisons were not performed in constant time. This weakness could allow an attacker to exploit timing differences to guess valid tokens and bypass authentication.
7.5 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3462
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in the server implementation of vLLM, where the handling of Jinja templates does not properly validate user-supplied input through the chat_template and chat_template_kwargs parameters. When a specially crafted template is processed, it can trigger excessive looping or recursion inside the Jinja engine, consuming large amounts of CPU and memory. This can cause the server to become unresponsive or crash, resulting in a denial-of-service (DoS) condition for applications using vLLM.
6.5 (Medium)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3462
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A vulnerability in vLLM allows attackers to supply malicious serialized prompt-embedding tensors that are deserialized using torch.load() without validation. Due to PyTorch 2.8.0 disabling sparse-tensor integrity checks by default, a crafted tensor can bypass bounds checks and cause an out-of-bounds write during to_dense(), leading to a crash (DoS) and potentially remote code execution on the vLLM server.
8.8 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3462
Workaround
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
A denial-of-service vulnerability in vLLM allows an attacker with API access to crash the engine by submitting multimodal embedding tensors that have the correct number of dimensions but an invalid internal shape. Because vLLM validates only the tensor’s ndim and not the full expected shape, malformed embeddings trigger shape mismatches or validation failures during processing, causing the inference engine to terminate.
6.5 (Medium)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3462
Workaround
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
A vulnerability in vLLM allows an authenticated user to trigger unintended tokenization during chat template processing by supplying crafted chat_template_kwargs to the /v1/chat/completions or /tokenize endpoints. By forcing the server to tokenize very large inputs, an attacker can block the API server’s event loop for extended periods, causing a denial of service and delaying all other requests.
6.5 (Medium)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3462
Workaround
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
A flaw was found in Ray’s HTTP API endpoint handling (e.g. /api/jobs, /api/job_agent/jobs/), which allows a remote attacker to trigger arbitrary code execution when a developer using Ray visits a malicious website in a vulnerable browser (e.g. Firefox or Safari). The root cause is an insufficient defense relying solely on the User-Agent header starting with “Mozilla”, which can be manipulated under the fetch specification — enabling a DNS-rebinding attack to bypass browser-based protections.
8.8 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3462
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A denial of service vulnerability has been discovered in the python Starlette framework. an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette's FileResponse Range parsing/merging logic. This induces CPU exhaustion per request, causing a denial‑of‑service for endpoints serving files.
7.5 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3462
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.
7.5 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3462
A remote code execution vulnerability has been identified in vLLM. An attacker can exploit a weakness in the model loading process to silently fetch and run unauthorized, malicious Python code on the host system. This happens because the engine mistakenly executes code from a remote repository referenced in a model's configuration, even when explicit security measures are set to prevent it.
7.5 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3462
Workaround
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data; CWE-409) on the client side, even if the application only requested a small chunk of data.
7.5 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3462
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.
7.5 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3462
A decompression based denial of service flaw has been discovered in the AIOHTTP python library. Library versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory.
7.5 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3462
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in protobuf. A remote attacker can exploit this denial-of-service (DoS) vulnerability by supplying deeply nested `google.protobuf.Any` messages to the `google.protobuf.json_format.ParseDict()` function. This bypasses the intended recursion depth limit, leading to the exhaustion of Python’s recursion stack and causing a `RecursionError`, which results in a denial of service.
7.5 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3462
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.
7.5 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3462
A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). A remote attacker can exploit this vulnerability by sending a specially crafted 1x1 pixel image to a vLLM engine serving multimodal models that use the Idefics3 vision model implementation. This leads to a tensor dimension mismatch, causing an unhandled runtime error and resulting in complete server termination, effectively a Denial of Service (DoS).
6.5 (Medium)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3462
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). A remote attacker can exploit this vulnerability by sending a specially crafted video URL to vLLM's multimodal endpoint. This action causes vLLM to leak a heap memory address, significantly reducing the effectiveness of Address Space Layout Randomization (ASLR). This information disclosure can then be chained with a heap overflow vulnerability to achieve remote code execution.
9.8 (Critical)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3462
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). This vulnerability allows a remote attacker to achieve arbitrary code execution on the vLLM host during model loading. This occurs because vLLM loads Hugging Face `auto_map` dynamic modules without properly validating the `trust_remote_code` setting. By influencing the model repository or path, an attacker can execute malicious Python code at server startup, even before any API requests are handled.
8.8 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3462
Workaround
To mitigate this issue, ensure that vLLM instances are configured to load models only from trusted and verified repositories. Restrict access to the model repository path to prevent unauthorized modification or introduction of malicious code. Implement strict access controls and integrity checks for all model sources.
A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts.
7.1 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3462
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in Python-Multipart, a tool for parsing multipart form data in Python applications. This vulnerability, known as path traversal, allows a remote attacker to write uploaded files to any location on the server's file system. This exploitation occurs when specific non-default configuration options, `UPLOAD_DIR` and `UPLOAD_KEEP_FILENAME=True`, are enabled, and a malicious filename is provided during a file upload. The primary consequence is unauthorized file creation or modification, which could lead to system compromise.
8.6 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3462
Workaround
To mitigate this vulnerability, avoid enabling the `UPLOAD_KEEP_FILENAME=True` configuration option in applications using `python-multipart`. This option, when used with `UPLOAD_DIR`, allows an attacker to write files to arbitrary locations. Disabling or not configuring `UPLOAD_KEEP_FILENAME=True` prevents the path traversal vulnerability.
A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). A Server-Side Request Forgery (SSRF) vulnerability exists in the MediaConnector class, specifically within the load_from_url and load_from_url_async methods. An attacker can exploit differing interpretations of backslashes by Python parsing libraries used for host restrictions to bypass these restrictions. This allows the attacker to force the vLLM server to make arbitrary requests to internal network resources, potentially leading to information disclosure, denial of service, or unauthorized access within containerized environments.
7.1 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3462
Workaround
To mitigate this issue, restrict network access to the vLLM service to only trusted clients. Implement strict network segmentation for vLLM pods in containerized environments to limit potential lateral movement. Ensure that vLLM instances are not exposed to untrusted external networks without proper access controls and input validation at the perimeter.
A flaw was found the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.
7.3 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:3462
https://access.redhat.com/errata/RHSA-2026:3462
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Acknowledgments
Ronald Crane
AnchorSec Ltd.
Gareth C
jub0bs
keymoon
Ga_ryo
Isotr0py
DarkLight1337
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AI Inference Server 3.2.2 (ROCm) is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat\u00ae AI Inference Server",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:3462",
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-48022",
"url": "https://access.redhat.com/security/cve/CVE-2023-48022"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-52355",
"url": "https://access.redhat.com/security/cve/CVE-2023-52355"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-52356",
"url": "https://access.redhat.com/security/cve/CVE-2023-52356"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-56433",
"url": "https://access.redhat.com/security/cve/CVE-2024-56433"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-15467",
"url": "https://access.redhat.com/security/cve/CVE-2025-15467"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22868",
"url": "https://access.redhat.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22869",
"url": "https://access.redhat.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-47906",
"url": "https://access.redhat.com/security/cve/CVE-2025-47906"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-52565",
"url": "https://access.redhat.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-5318",
"url": "https://access.redhat.com/security/cve/CVE-2025-5318"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-53905",
"url": "https://access.redhat.com/security/cve/CVE-2025-53905"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-53906",
"url": "https://access.redhat.com/security/cve/CVE-2025-53906"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59375",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59425",
"url": "https://access.redhat.com/security/cve/CVE-2025-59425"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-61620",
"url": "https://access.redhat.com/security/cve/CVE-2025-61620"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62164",
"url": "https://access.redhat.com/security/cve/CVE-2025-62164"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62372",
"url": "https://access.redhat.com/security/cve/CVE-2025-62372"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6242",
"url": "https://access.redhat.com/security/cve/CVE-2025-6242"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62426",
"url": "https://access.redhat.com/security/cve/CVE-2025-62426"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62593",
"url": "https://access.redhat.com/security/cve/CVE-2025-62593"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-62727",
"url": "https://access.redhat.com/security/cve/CVE-2025-62727"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66418",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66448",
"url": "https://access.redhat.com/security/cve/CVE-2025-66448"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66471",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-66506",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-69223",
"url": "https://access.redhat.com/security/cve/CVE-2025-69223"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6965",
"url": "https://access.redhat.com/security/cve/CVE-2025-6965"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-8176",
"url": "https://access.redhat.com/security/cve/CVE-2025-8176"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9230",
"url": "https://access.redhat.com/security/cve/CVE-2025-9230"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9714",
"url": "https://access.redhat.com/security/cve/CVE-2025-9714"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9900",
"url": "https://access.redhat.com/security/cve/CVE-2025-9900"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-0994",
"url": "https://access.redhat.com/security/cve/CVE-2026-0994"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-21441",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-22773",
"url": "https://access.redhat.com/security/cve/CVE-2026-22773"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-22778",
"url": "https://access.redhat.com/security/cve/CVE-2026-22778"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-22807",
"url": "https://access.redhat.com/security/cve/CVE-2026-22807"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24049",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24486",
"url": "https://access.redhat.com/security/cve/CVE-2026-24486"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-24779",
"url": "https://access.redhat.com/security/cve/CVE-2026-24779"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25990",
"url": "https://access.redhat.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://www.redhat.com/en/products/ai/inference-server",
"url": "https://www.redhat.com/en/products/ai/inference-server"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3462.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AI Inference Server 3.2.2 (ROCm)",
"tracking": {
"current_release_date": "2026-03-31T22:56:50+00:00",
"generator": {
"date": "2026-03-31T22:56:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.4"
}
},
"id": "RHSA-2026:3462",
"initial_release_date": "2026-02-27T14:55:49+00:00",
"revision_history": [
{
"date": "2026-02-27T14:55:49+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-02-27T14:55:54+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-31T22:56:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AI Inference Server 3.2",
"product": {
"name": "Red Hat AI Inference Server 3.2",
"product_id": "Red Hat AI Inference Server 3.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ai_inference_server:3.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat AI Inference Server"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64",
"product": {
"name": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64",
"product_id": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/vllm-rocm-rhel9@sha256%3A53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a?arch=amd64\u0026repository_url=registry.redhat.io/rhaiis\u0026tag=1772160625"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64 as a component of Red Hat AI Inference Server 3.2",
"product_id": "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
},
"product_reference": "registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64",
"relates_to_product_reference": "Red Hat AI Inference Server 3.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-48022",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2025-08-07T17:35:20.588000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2387122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ray. The job submission API allows a remote attacker to execute arbitrary code due to insufficient input validation. An unauthenticated attacker can trigger this vulnerability by sending a malicious job submission request. Successful exploitation results in arbitrary code execution on the affected Ray cluster.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ray: Ray Job Submission Arbitrary Code Execution",
"title": "Vulnerability summary"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-48022"
},
{
"category": "external",
"summary": "RHBZ#2387122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-48022",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48022"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48022",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48022"
}
],
"release_date": "2025-08-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:55:49+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3462",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ray: Ray Job Submission Arbitrary Code Execution"
},
{
"cve": "CVE-2023-52355",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2023-11-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2251326"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-memory flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFRasterScanlineSize64() API. This flaw allows a remote attacker to cause a denial of service via a crafted input with a size smaller than 379 KB.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libtiff: TIFFRasterScanlineSize64 produce too-big size and could cause OOM",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The identified out-of-memory vulnerability in libtiff, triggered by a crafted TIFF file passed to the TIFFRasterScanlineSize64() API, presents a moderate severity concern rather than a important one due to several factors. Primarily, the exploit requires the crafted input to be smaller than 379 KB, imposing a limitation on the potential impact and reducing the likelihood of successful exploitation in practical scenarios. Furthermore, the nature of the vulnerability is limited to denial-of-service attacks, which, although disruptive, do not inherently pose a direct risk of data compromise or system compromise. However, it\u0027s important to acknowledge that denial-of-service attacks can still have significant operational implications, particularly in environments reliant on continuous availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-52355"
},
{
"category": "external",
"summary": "RHBZ#2251326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251326"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-52355",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52355"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-52355",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52355"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/issues/621",
"url": "https://gitlab.com/libtiff/libtiff/-/issues/621"
}
],
"release_date": "2023-11-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:55:49+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3462",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libtiff: TIFFRasterScanlineSize64 produce too-big size and could cause OOM"
},
{
"cve": "CVE-2023-52356",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2023-11-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2251344"
}
],
"notes": [
{
"category": "description",
"text": "A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libtiff: Segment fault in libtiff in TIFFReadRGBATileExt() leading to denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The flaw allows an attacker to potentially cause a denial of service attack by crashing a program, but the impact is minimal.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-52356"
},
{
"category": "external",
"summary": "RHBZ#2251344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2251344"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-52356",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52356"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-52356",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52356"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/issues/622",
"url": "https://gitlab.com/libtiff/libtiff/-/issues/622"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/merge_requests/546",
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/546"
}
],
"release_date": "2023-11-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:55:49+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3462",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libtiff: Segment fault in libtiff in TIFFReadRGBATileExt() leading to denial of service"
},
{
"cve": "CVE-2024-56433",
"cwe": {
"id": "CWE-1188",
"name": "Initialization of a Resource with an Insecure Default"
},
"discovery_date": "2024-12-26T09:00:54.065197+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2334165"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in shadow-utils. Affected versions of shadow-utils establish a default /etc/subuid behavior, for example, uid 100000 through 165535 for the first user account, that can conflict with the uids of users defined on locally administered networks. This issue potentially leads to account takeover by leveraging newuidmap for access to an NFS home directory or same-host resources for remote logins by these local network users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-56433"
},
{
"category": "external",
"summary": "RHBZ#2334165",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2334165"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-56433",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56433"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56433"
},
{
"category": "external",
"summary": "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241",
"url": "https://github.com/shadow-maint/shadow/blob/e2512d5741d4a44bdd81a8c2d0029b6222728cf0/etc/login.defs#L238-L241"
},
{
"category": "external",
"summary": "https://github.com/shadow-maint/shadow/issues/1157",
"url": "https://github.com/shadow-maint/shadow/issues/1157"
},
{
"category": "external",
"summary": "https://github.com/shadow-maint/shadow/releases/tag/4.4",
"url": "https://github.com/shadow-maint/shadow/releases/tag/4.4"
}
],
"release_date": "2024-12-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:55:49+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3462",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise"
},
{
"acknowledgments": [
{
"names": [
"Ronald Crane"
]
}
],
"cve": "CVE-2025-5318",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2025-05-29T06:48:59.169000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2369131"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libssh: out-of-bounds read in sftp_handle()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue requires an attacker with valid credentials to access a server, limiting the scope to legitimate users of the SFTP service. Due to this reason, this flaw has been rated with a Moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5318"
},
{
"category": "external",
"summary": "RHBZ#2369131",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369131"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5318",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5318"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5318"
},
{
"category": "external",
"summary": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt",
"url": "https://www.libssh.org/security/advisories/CVE-2025-5318.txt"
}
],
"release_date": "2025-06-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:55:49+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3462",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libssh: out-of-bounds read in sftp_handle()"
},
{
"cve": "CVE-2025-6242",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2025-06-18T15:26:47.633000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373716"
}
],
"notes": [
{
"category": "description",
"text": "A Server-Side Request Forgery (SSRF) vulnerability exists in the MediaConnector class within the vLLM project\u0027s multimodal feature set. The load_from_url and load_from_url_async methods fetch and process media from user-provided URLs without adequate restrictions on the target hosts. This allows an attacker to coerce the vLLM server into making arbitrary requests to internal network resources.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: Server Side request forgery (SSRF) in MediaConnector",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has been rated as having the severity of Important by the Red Hat Product Security team as a successful exploitation by an attacker may lead to confidential data being leaked or a denial of service. Additionally the fact a unprivileged user can trigger this vulnerability through the network also contributes for the severity.\n\nThis vulnerability has its risk amplified on orchestrated environments as pods running the vLLM may eventually communicate with each other through internal cluster routing, including services that should not have been exposed to external networks. An attacker may leverage this flaw to interact with internal services, perform network reconnaissance or trigger a denial of service by leading other internal services to fail.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6242"
},
{
"category": "external",
"summary": "RHBZ#2373716",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373716"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6242"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6242",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6242"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-3f6c-7fw2-ppm4",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-3f6c-7fw2-ppm4"
}
],
"release_date": "2025-10-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:55:49+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3462",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: Server Side request forgery (SSRF) in MediaConnector"
},
{
"cve": "CVE-2025-6965",
"cwe": {
"id": "CWE-197",
"name": "Numeric Truncation Error"
},
"discovery_date": "2025-07-15T14:02:19.241458+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2380149"
}
],
"notes": [
{
"category": "description",
"text": "A memory corruption flaw was found in SQLite. Under specific conditions a query can be generated where the number of aggregate terms could exceed the number of columns available. This issue could lead to memory corruption and subsequent unintended behavior.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sqlite: Integer Truncation in SQLite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in SQLite is categorized as Important rather than Critical because, although it involves memory corruption, the conditions required to trigger it are relatively constrained. The flaw arises when a query causes the number of aggregate terms to exceed internal limits, leading to potential buffer overflows or memory mismanagement. However, exploitation requires the ability to craft complex SQL queries and interact with the SQLite engine in a specific manner\u2014typically through direct SQL input. There is no known evidence of arbitrary code execution, privilege escalation, or remote exploitability as a direct result of this flaw. Additionally, most SQLite deployments are embedded in applications where input is tightly controlled or sanitized.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6965"
},
{
"category": "external",
"summary": "RHBZ#2380149",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380149"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6965",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6965"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6965"
},
{
"category": "external",
"summary": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL"
},
{
"category": "external",
"summary": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8",
"url": "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8"
}
],
"release_date": "2025-07-15T13:44:00.784000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:55:49+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3462",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "sqlite: Integer Truncation in SQLite"
},
{
"cve": "CVE-2025-8176",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2025-07-26T04:00:56.216434+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2383598"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libtiff. The `get_histogram` function in `file/tiffmedian.c` exhibits a use-after-free condition when processing a specially crafted file, allowing a local attacker to trigger memory corruption. This manipulation results in a use-after-free vulnerability, and can lead to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libtiff: LibTIFF Use-After-Free Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has been rated Important because it involves a use-after-free flaw in the get_histogram function of LibTIFF\u2019s tiffmedian tool. Successful exploitation may allow a local attacker to execute arbitrary code or cause a denial of service, leading to loss of confidentiality, integrity, and availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8176"
},
{
"category": "external",
"summary": "RHBZ#2383598",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2383598"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8176"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8176",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8176"
},
{
"category": "external",
"summary": "http://www.libtiff.org/",
"url": "http://www.libtiff.org/"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172",
"url": "https://gitlab.com/libtiff/libtiff/-/commit/fe10872e53efba9cc36c66ac4ab3b41a839d5172"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/issues/707",
"url": "https://gitlab.com/libtiff/libtiff/-/issues/707"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/merge_requests/727",
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/727"
},
{
"category": "external",
"summary": "https://vuldb.com/?ctiid.317590",
"url": "https://vuldb.com/?ctiid.317590"
},
{
"category": "external",
"summary": "https://vuldb.com/?id.317590",
"url": "https://vuldb.com/?id.317590"
},
{
"category": "external",
"summary": "https://vuldb.com/?submit.621796",
"url": "https://vuldb.com/?submit.621796"
}
],
"release_date": "2025-07-26T03:32:08.851000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:55:49+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3462",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libtiff: LibTIFF Use-After-Free Vulnerability"
},
{
"cve": "CVE-2025-9230",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-09-17T12:15:34.387000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396054"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the OpenSSL CMS implementation (RFC 3211 KEK Unwrap). This vulnerability allows memory corruption, an application level denial of service, or potential execution of attacker-supplied code via crafted CMS messages using password-based encryption (PWRI).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability was rated as Moderate because, while the potential impact includes an application level denial of service and possible arbitrary code execution, successful exploitation is considered unlikely due to the high attack complexity and the fact that password-based CMS encryption (PWRI) is rarely used in real-world deployments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9230"
},
{
"category": "external",
"summary": "RHBZ#2396054",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396054"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9230",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9230"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230"
}
],
"release_date": "2025-09-30T23:59:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:55:49+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3462",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap"
},
{
"cve": "CVE-2025-9714",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2025-09-02T13:03:56.452000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392605"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libxstl/libxml2. The \u0027exsltDynMapFunction\u0027 function in libexslt/dynamic.c does not contain a recursion depth check, which may cause an infinite loop via a specially crafted XSLT document while handling \u0027dyn:map()\u0027, leading to stack exhaustion and a local denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "No evidence was found for arbitrary memory corruption through this flaw, limiting its impact to Availability only, and reducing its severity to Moderate.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9714"
},
{
"category": "external",
"summary": "RHBZ#2392605",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392605"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9714",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9714"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9714"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/commit/677a42645ef22b5a50741bad5facf9d8a8bc6d21"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/148"
}
],
"release_date": "2025-09-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:55:49+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3462",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
},
{
"category": "workaround",
"details": "The impact of this flaw may be reduced by setting strict resource limits to the stack size of processes at the operational system level. This can be achieved either through the \u0027ulimit\u0027 shell built-in or the \u0027limits.conf\u0027 file.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c"
},
{
"acknowledgments": [
{
"names": [
"Gareth C"
],
"organization": "AnchorSec Ltd."
}
],
"cve": "CVE-2025-9900",
"cwe": {
"id": "CWE-123",
"name": "Write-what-where Condition"
},
"discovery_date": "2025-09-03T02:48:12.111000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392784"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Libtiff. This vulnerability is a \"write-what-where\" condition, triggered when the library processes a specially crafted TIFF image file.\n\nBy providing an abnormally large image height value in the file\u0027s metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libtiff: Libtiff Write-What-Where",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This attack requires user interaction to run the malicious TIFF image file, hence the CVE is maintained as important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9900"
},
{
"category": "external",
"summary": "RHBZ#2392784",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392784"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9900",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9900"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9900",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9900"
},
{
"category": "external",
"summary": "https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file",
"url": "https://github.com/SexyShoelessGodofWar/LibTiff-4.7.0-Write-What-Where?tab=readme-ov-file"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/issues/704",
"url": "https://gitlab.com/libtiff/libtiff/-/issues/704"
},
{
"category": "external",
"summary": "https://gitlab.com/libtiff/libtiff/-/merge_requests/732",
"url": "https://gitlab.com/libtiff/libtiff/-/merge_requests/732"
},
{
"category": "external",
"summary": "https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html",
"url": "https://libtiff.gitlab.io/libtiff/releases/v4.7.1.html"
}
],
"release_date": "2025-09-22T14:29:35.767000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:55:49+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3462",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libtiff: Libtiff Write-What-Where"
},
{
"cve": "CVE-2025-15467",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-01-16T14:21:50.710000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430376"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A remote attacker can exploit a stack buffer overflow vulnerability by supplying a crafted Cryptographic Message Syntax (CMS) message with an oversized Initialization Vector (IV) when parsing AuthEnvelopedData structures that use Authenticated Encryption with Associated Data (AEAD) ciphers such as AES-GCM. This can lead to a crash, causing a Denial of Service (DoS), or potentially allow for remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. On Red Hat Enterprise Linux, OpenSSL is built with stack protections enabled which mitigate the risk of code execution though a denial-of-service condition remains possible. This vulnerability only affects applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers, such as Kerberos using the PKINIT plugin. OpenSSL versions 1.1.1 and 1.0.2 are not affected by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15467"
},
{
"category": "external",
"summary": "RHBZ#2430376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430376"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15467",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15467"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15467"
}
],
"release_date": "2026-01-27T14:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:55:49+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3462",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing"
},
{
"acknowledgments": [
{
"names": [
"jub0bs"
]
}
],
"cve": "CVE-2025-22868",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2025-02-26T04:00:44.350024+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348366"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, \".\")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "RHBZ#2348366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868"
},
{
"category": "external",
"summary": "https://go.dev/cl/652155",
"url": "https://go.dev/cl/652155"
},
{
"category": "external",
"summary": "https://go.dev/issue/71490",
"url": "https://go.dev/issue/71490"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3488",
"url": "https://pkg.go.dev/vuln/GO-2025-3488"
}
],
"release_date": "2025-02-26T03:07:49.012000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:55:49+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3462",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, it is recommended to pre-validate any payloads passed to `go-jose` to check that they do not contain an excessive amount of `.` characters.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws"
},
{
"cve": "CVE-2025-22869",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-02-26T04:00:47.683125+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348367"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While this flaw affects both SSH clients and servers implemented with golang.org/x/crypto/ssh, realistically the flaw will only lead to a DoS when transferring large files, greatly reducing the likelihood of exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "RHBZ#2348367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348367"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869"
},
{
"category": "external",
"summary": "https://go.dev/cl/652135",
"url": "https://go.dev/cl/652135"
},
{
"category": "external",
"summary": "https://go.dev/issue/71931",
"url": "https://go.dev/issue/71931"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3487",
"url": "https://pkg.go.dev/vuln/GO-2025-3487"
}
],
"release_date": "2025-02-26T03:07:48.855000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:55:49+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3462",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
},
{
"category": "workaround",
"details": "This flaw can be mitigated when using the client only connecting to trusted servers.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
},
{
"cve": "CVE-2025-47906",
"cwe": {
"id": "CWE-440",
"name": "Expected Behavior Violation"
},
"discovery_date": "2025-09-18T19:00:47.541046+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2396546"
}
],
"notes": [
{
"category": "description",
"text": "A path handling flaw has been discovered in the os/exec go package. If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "os/exec: Unexpected paths returned from LookPath in os/exec",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-47906"
},
{
"category": "external",
"summary": "RHBZ#2396546",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2396546"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-47906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-47906"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47906",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47906"
},
{
"category": "external",
"summary": "https://go.dev/cl/691775",
"url": "https://go.dev/cl/691775"
},
{
"category": "external",
"summary": "https://go.dev/issue/74466",
"url": "https://go.dev/issue/74466"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM",
"url": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3956",
"url": "https://pkg.go.dev/vuln/GO-2025-3956"
}
],
"release_date": "2025-09-18T18:41:11.847000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:55:49+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3462",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "os/exec: Unexpected paths returned from LookPath in os/exec"
},
{
"cve": "CVE-2025-52565",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-10-17T14:19:18.653000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2404708"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in runc. CVE-2025-52565 is very similar in concept and application toCVE-2025-31133, except that it exploits a flaw in /dev/console\nbind-mounts. When creating the /dev/console bind-mount (to /dev/pts/$n), if an attacker replaces /dev/pts/$n with a symlink then runc will bind-mount the symlink target over /dev/console.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "runc: container escape with malicious config due to /dev/console mount and related races",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat considers this as an Important flaw since the impact is limited to local attack with minimal privileges in order to jeopardize the environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-52565"
},
{
"category": "external",
"summary": "RHBZ#2404708",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404708"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-52565",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-52565"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-52565",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52565"
},
{
"category": "external",
"summary": "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r",
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r"
}
],
"release_date": "2025-11-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:55:49+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3462",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
},
{
"category": "workaround",
"details": "Potential mitigations for this issue include:\n\n* Using user namespaces, with the host root user not mapped into the container\u0027s namespace. procfs file permissions are managed using Unix DAC and thus user namespaces stop a container process from being able to write to them.\n* Not running as a root user in the container (this includes disabling setuid binaries with noNewPrivileges). As above, procfs file permissions are managed using Unix DAC and thus non-root users cannot write to them.\n* The default SELinux policy should mitigate this issue, as the /dev/console bind-mount does not re-label the mount and so the container process should not be able to write to unsafe procfs files. However, CVE-2025-52881 allows an attacker to bypass LSM labels, and so this mitigation is not helpful when considered in combination with CVE-2025-52881.\n* The default AppArmor profile used by most runtimes will NOT help mitigate this issue, as /dev/console access is permitted. You could create a custom profile that blocks access to /dev/console, but such a profile might break regular containers. In addition, CVE-2025-52881 allows an attacker to bypass LSM labels, and so that mitigation is not helpful when considered in combination with CVE-2025-52881.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "runc: container escape with malicious config due to /dev/console mount and related races"
},
{
"cve": "CVE-2025-53905",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-07-15T21:01:19.770241+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2380362"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim: Vim path traversial",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-53905"
},
{
"category": "external",
"summary": "RHBZ#2380362",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380362"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-53905",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53905"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-53905",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53905"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239",
"url": "https://github.com/vim/vim/commit/87757c6b0a4b2c1f71c72ea8e1438b8fb116b239"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr",
"url": "https://github.com/vim/vim/security/advisories/GHSA-74v4-f3x9-ppvr"
}
],
"release_date": "2025-07-15T20:48:34.764000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:55:49+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3462",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vim: Vim path traversial"
},
{
"cve": "CVE-2025-53906",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-07-15T21:01:15.057182+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2380360"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw was found in Vim. Successful exploitation can lead to overwriting sensitive files or placing executable code in privileged locations, depending on the permissions of the process editing the archive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim: Vim path traversal",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-53906"
},
{
"category": "external",
"summary": "RHBZ#2380360",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2380360"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-53906",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53906"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-53906",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-53906"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8",
"url": "https://github.com/vim/vim/commit/586294a04179d855c3d1d4ee5ea83931963680b8"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86",
"url": "https://github.com/vim/vim/security/advisories/GHSA-r2fw-9cw4-mj86"
}
],
"release_date": "2025-07-15T20:52:40.137000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:55:49+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3462",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vim: Vim path traversal"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-15T03:00:59.775098+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2395108"
}
],
"notes": [
{
"category": "description",
"text": "A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (~250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is Important rather than Critical because, while it allows for significant resource exhaustion leading to denial-of-service (DoS), it does not enable arbitrary code execution, data leakage, or privilege escalation. The vulnerability stems from an uncontrolled memory amplification behavior in libexpat\u2019s parser, where a relatively small XML payload can cause disproportionately large heap allocations. However, the flaw is limited in scope to service disruption and requires the attacker to submit a crafted XML document\u2014something that can be mitigated with proper input validation and memory usage limits. Therefore, while the exploitability is high, the impact is confined to availability, not confidentiality or integrity, making it a high-severity but not critical flaw.\n\nIn Firefox and Thunderbird, where libexpat is a transitive userspace dependency, exploitation usually just crashes the application (app-level DoS), so it is classified as Moderate instead of Important.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59375"
},
{
"category": "external",
"summary": "RHBZ#2395108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2395108"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59375",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59375"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375"
},
{
"category": "external",
"summary": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375",
"url": "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375"
}
],
"release_date": "2025-09-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:55:49+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3462",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
},
{
"category": "workaround",
"details": "To mitigate the issue, limit XML input size and complexity before parsing, and avoid accepting compressed or deeply nested XML. Use OS-level resource controls (like ulimit or setrlimit()) to cap memory usage, or run the parser in a sandboxed or isolated process with strict memory and CPU limits. This helps prevent denial-of-service by containing excessive resource consumption.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing"
},
{
"cve": "CVE-2025-59425",
"cwe": {
"id": "CWE-208",
"name": "Observable Timing Discrepancy"
},
"discovery_date": "2025-09-22T06:45:41.577000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2397234"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM\u2019s API token authentication logic, where token comparisons were not performed in constant time. This weakness could allow an attacker to exploit timing differences to guess valid tokens and bypass authentication.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: Timing Attack in vLLM API Token Verification Leading to Authentication Bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The RedHat security team has rated the severity of this issue as Important. The vulnerability is remotely exploitable without authentication or user interaction and can result in authentication bypass. The root cause was the use of a non-constant-time string comparison, which leaked timing information. Successful exploitation could lead to unauthorized access to APIs and sensitive resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59425"
},
{
"category": "external",
"summary": "RHBZ#2397234",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397234"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59425",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59425"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59425",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59425"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/ee10d7e6ff5875386c7f136ce8b5f525c8fcef48",
"url": "https://github.com/vllm-project/vllm/commit/ee10d7e6ff5875386c7f136ce8b5f525c8fcef48"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-wr9h-g72x-mwhm",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-wr9h-g72x-mwhm"
}
],
"release_date": "2025-10-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:55:49+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3462",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: Timing Attack in vLLM API Token Verification Leading to Authentication Bypass"
},
{
"acknowledgments": [
{
"names": [
"keymoon",
"Ga_ryo",
"Isotr0py",
"DarkLight1337"
]
}
],
"cve": "CVE-2025-61620",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-10-06T05:59:34.077000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2401761"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the server implementation of vLLM, where the handling of Jinja templates does not properly validate user-supplied input through the chat_template and chat_template_kwargs parameters. When a specially crafted template is processed, it can trigger excessive looping or recursion inside the Jinja engine, consuming large amounts of CPU and memory. This can cause the server to become unresponsive or crash, resulting in a denial-of-service (DoS) condition for applications using vLLM.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM OpenAI-Compatible Server Resource Exhaustion via chat_template Parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has assessed the severity of this vulnerability as Moderate, as it requires authenticated access or the ability to supply templates to the vLLM server. Successful exploitation allows an attacker to exhaust system resources by submitting maliciously crafted Jinja templates that trigger excessive CPU and memory usage. The vulnerability\u2019s root cause is the lack of proper validation and sandboxing of user-supplied template data, which can lead to denial of service (DoS) conditions affecting the availability of services built on vLLM.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61620"
},
{
"category": "external",
"summary": "RHBZ#2401761",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401761"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61620",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61620"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61620",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61620"
}
],
"release_date": "2025-10-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:55:49+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3462",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vllm: vLLM OpenAI-Compatible Server Resource Exhaustion via chat_template Parameters"
},
{
"cve": "CVE-2025-62164",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2025-11-21T02:01:11.280042+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416282"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in vLLM allows attackers to supply malicious serialized prompt-embedding tensors that are deserialized using torch.load() without validation. Due to PyTorch 2.8.0 disabling sparse-tensor integrity checks by default, a crafted tensor can bypass bounds checks and cause an out-of-bounds write during to_dense(), leading to a crash (DoS) and potentially remote code execution on the vLLM server.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: VLLM deserialization vulnerability leading to DoS and potential RCE",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is considered important rather than moderate because it involves unsafe deserialization leading to memory corruption in a network-reachable, unauthenticated API path. Unlike typical moderate flaws that may only allow limited DoS or require specific conditions, this issue allows an attacker to supply a crafted sparse tensor that triggers an out-of-bounds memory write during PyTorch\u2019s to_dense() conversion. Memory corruption in a server process handling untrusted input significantly elevates security risk because it can lead not only to a reliable crash but also to potential remote code execution, enabling full compromise of the vLLM service. Additionally, the affected code path is part of the standard Completions API workflow, making the attack surface broadly exposed in real deployments. The combination of remote exploitability, unauthenticated access, memory corruption, and potential RCE clearly positions this issue above a moderate classification and into an important severity level.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62164"
},
{
"category": "external",
"summary": "RHBZ#2416282",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416282"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62164",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62164"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62164",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62164"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b",
"url": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/27204",
"url": "https://github.com/vllm-project/vllm/pull/27204"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-mrw7-hf4f-83pf",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-mrw7-hf4f-83pf"
}
],
"release_date": "2025-11-21T01:18:38.803000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:55:49+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3462",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: VLLM deserialization vulnerability leading to DoS and potential RCE"
},
{
"cve": "CVE-2025-62372",
"cwe": {
"id": "CWE-129",
"name": "Improper Validation of Array Index"
},
"discovery_date": "2025-11-21T02:00:57.180567+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416280"
}
],
"notes": [
{
"category": "description",
"text": "A denial-of-service vulnerability in vLLM allows an attacker with API access to crash the engine by submitting multimodal embedding tensors that have the correct number of dimensions but an invalid internal shape. Because vLLM validates only the tensor\u2019s ndim and not the full expected shape, malformed embeddings trigger shape mismatches or validation failures during processing, causing the inference engine to terminate.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is rated Moderate rather than Important because its impact is strictly limited to availability and requires low but existing privileges to exploit. The issue arises from incomplete shape validation of multimodal embedding tensors, which can cause deterministic crashes in the inference engine, but it does not enable memory corruption, data leakage, integrity compromise, or execution of arbitrary code. Exploitation requires an authenticated or API-key-holding user to submit malformed multimodal inputs, meaning it cannot be triggered by an unauthenticated attacker on an exposed endpoint. Additionally, the failure mode is a clean crash rather than undefined behavior, so the blast radius is constrained to service interruption rather than broader systemic compromise. These factors\u2014PR:L requirement, no confidentiality/integrity impact, deterministic failure mode, and scoped DoS only\u2014technically align the issue with Moderate severity instead of an Important flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62372"
},
{
"category": "external",
"summary": "RHBZ#2416280",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416280"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62372",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62372"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62372",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62372"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b",
"url": "https://github.com/vllm-project/vllm/commit/58fab50d82838d5014f4a14d991fdb9352c9c84b"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/27204",
"url": "https://github.com/vllm-project/vllm/pull/27204"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/6613",
"url": "https://github.com/vllm-project/vllm/pull/6613"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-pmqf-x6x8-p7qw"
}
],
"release_date": "2025-11-21T01:22:37.121000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:55:49+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3462",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vllm: vLLM vulnerable to DoS with incorrect shape of multimodal embedding inputs"
},
{
"cve": "CVE-2025-62426",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-11-21T02:00:49.606988+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2416278"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability in vLLM allows an authenticated user to trigger unintended tokenization during chat template processing by supplying crafted chat_template_kwargs to the /v1/chat/completions or /tokenize endpoints. By forcing the server to tokenize very large inputs, an attacker can block the API server\u2019s event loop for extended periods, causing a denial of service and delaying all other requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs`",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The flaw is limited to a denial-of-service vector that requires an authenticated user and relies on abusing an optional, non-security-critical parameter (chat_template_kwargs) to force unexpected tokenization during template application, which is computationally expensive but not indicative of data corruption, privilege escalation, or code execution. The attacker cannot break isolation boundaries or execute arbitrary logic\u2014they can only cause the server\u2019s event loop to stall through large crafted inputs, and only if they already have access to the vLLM API. Moreover, the DoS condition is resource-intensive, depends heavily on model size and server configuration, and does not persist once the malicious request completes. Because the impact is bounded to temporary availability degradation without confidentiality or integrity loss, and because exploitation requires legitimate API access and large payloads, this issue aligns with a Moderate severity rather than an Important/High flaw.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62426"
},
{
"category": "external",
"summary": "RHBZ#2416278",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2416278"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62426",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62426"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62426",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62426"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/blob/2a6dc67eb520ddb9c4138d8b35ed6fe6226997fb/vllm/entrypoints/chat_utils.py#L1602-L1610",
"url": "https://github.com/vllm-project/vllm/blob/2a6dc67eb520ddb9c4138d8b35ed6fe6226997fb/vllm/entrypoints/chat_utils.py#L1602-L1610"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/blob/2a6dc67eb520ddb9c4138d8b35ed6fe6226997fb/vllm/entrypoints/openai/serving_engine.py#L809-L814",
"url": "https://github.com/vllm-project/vllm/blob/2a6dc67eb520ddb9c4138d8b35ed6fe6226997fb/vllm/entrypoints/openai/serving_engine.py#L809-L814"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/3ada34f9cb4d1af763fdfa3b481862a93eb6bd2b",
"url": "https://github.com/vllm-project/vllm/commit/3ada34f9cb4d1af763fdfa3b481862a93eb6bd2b"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/27205",
"url": "https://github.com/vllm-project/vllm/pull/27205"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-69j4-grxj-j64p",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-69j4-grxj-j64p"
}
],
"release_date": "2025-11-21T01:21:29.546000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:55:49+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3462",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vllm: vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs`"
},
{
"cve": "CVE-2025-62593",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2025-11-26T23:01:25.307125+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2417394"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Ray\u2019s HTTP API endpoint handling (e.g. /api/jobs, /api/job_agent/jobs/), which allows a remote attacker to trigger arbitrary code execution when a developer using Ray visits a malicious website in a vulnerable browser (e.g. Firefox or Safari). The root cause is an insufficient defense relying solely on the User-Agent header starting with \u201cMozilla\u201d, which can be manipulated under the fetch specification \u2014 enabling a DNS-rebinding attack to bypass browser-based protections.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ray: Ray is vulnerable to RCE via Safari \u0026 Firefox Browsers through DNS Rebinding Attack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat has chosen to keep this as Important instead of Critical severity because the successful exploitation of this vulnerability requires user interaction in conjunction with a DNS rebinding attack.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62593"
},
{
"category": "external",
"summary": "RHBZ#2417394",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2417394"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62593",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62593"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62593",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62593"
},
{
"category": "external",
"summary": "https://github.com/ray-project/ray/commit/70e7c72780bdec075dba6cad1afe0832772bfe09",
"url": "https://github.com/ray-project/ray/commit/70e7c72780bdec075dba6cad1afe0832772bfe09"
},
{
"category": "external",
"summary": "https://github.com/ray-project/ray/security/advisories/GHSA-q279-jhrf-cc6v",
"url": "https://github.com/ray-project/ray/security/advisories/GHSA-q279-jhrf-cc6v"
}
],
"release_date": "2025-11-26T22:28:28.577000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:55:49+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3462",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ray: Ray is vulnerable to RCE via Safari \u0026 Firefox Browsers through DNS Rebinding Attack"
},
{
"cve": "CVE-2025-62727",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"discovery_date": "2025-10-28T21:01:03.833849+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2406929"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability has been discovered in the python Starlette framework. an unauthenticated attacker can send a crafted HTTP Range header that triggers quadratic-time processing in Starlette\u0027s FileResponse Range parsing/merging logic. This induces CPU exhaustion per request, causing a denial\u2011of\u2011service for endpoints serving files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "starlette: Starlette DoS via Range header merging",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62727"
},
{
"category": "external",
"summary": "RHBZ#2406929",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406929"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62727"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62727",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62727"
},
{
"category": "external",
"summary": "https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5",
"url": "https://github.com/Kludex/starlette/commit/4ea6e22b489ec388d6004cfbca52dd5b147127c5"
},
{
"category": "external",
"summary": "https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8",
"url": "https://github.com/Kludex/starlette/security/advisories/GHSA-7f5h-v6xp-fcq8"
}
],
"release_date": "2025-10-28T20:14:53.655000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:55:49+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3462",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "starlette: Starlette DoS via Range header merging"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-05T17:01:20.277857+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419455"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66418"
},
{
"category": "external",
"summary": "RHBZ#2419455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8",
"url": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53"
}
],
"release_date": "2025-12-05T16:02:15.271000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:55:49+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3462",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion"
},
{
"cve": "CVE-2025-66448",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2025-12-01T23:01:07.198041+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418152"
}
],
"notes": [
{
"category": "description",
"text": "A remote code execution vulnerability has been identified in vLLM. An attacker can exploit a weakness in the model loading process to silently fetch and run unauthorized, malicious Python code on the host system. This happens because the engine mistakenly executes code from a remote repository referenced in a model\u0027s configuration, even when explicit security measures are set to prevent it.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM: Remote Code Execution via malicious model configuration",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat because vLLM, when deployed in a Red Hat environment, is susceptible to remote code execution. An attacker can craft a malicious model configuration that, when loaded, fetches and executes arbitrary Python code from a remote repository, even if `trust_remote_code` is explicitly set to `False`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66448"
},
{
"category": "external",
"summary": "RHBZ#2418152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418152"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66448",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66448"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66448",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66448"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/ffb08379d8870a1a81ba82b72797f196838d0c86",
"url": "https://github.com/vllm-project/vllm/commit/ffb08379d8870a1a81ba82b72797f196838d0c86"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/28126",
"url": "https://github.com/vllm-project/vllm/pull/28126"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-8fr4-5q9j-m8gm",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-8fr4-5q9j-m8gm"
}
],
"release_date": "2025-12-01T22:45:42.566000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:55:49+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3462",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vllm: vLLM: Remote Code Execution via malicious model configuration"
},
{
"cve": "CVE-2025-66471",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2025-12-05T17:02:21.597728+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419467"
}
],
"notes": [
{
"category": "description",
"text": "A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data; CWE-409) on the client side, even if the application only requested a small chunk of data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 Streaming API improperly handles highly compressed data",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66471"
},
{
"category": "external",
"summary": "RHBZ#2419467",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419467"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7",
"url": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37"
}
],
"release_date": "2025-12-05T16:06:08.531000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:55:49+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3462",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 Streaming API improperly handles highly compressed data"
},
{
"cve": "CVE-2025-66506",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-12-04T23:01:20.507333+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2419056"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Fulcio, a free-to-use certificate authority. This vulnerability allows a denial of service (DoS) due to excessive memory allocation when processing a malicious OpenID Connect (OIDC) identity token containing numerous period characters.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as Fulcio, a certificate authority used for issuing code signing certificates, is susceptible to a denial of service when processing a specially crafted OpenID Connect (OIDC) token. This could lead to resource exhaustion and service unavailability in affected Red Hat products that utilize Fulcio.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66506"
},
{
"category": "external",
"summary": "RHBZ#2419056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66506",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66506"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66506"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a",
"url": "https://github.com/sigstore/fulcio/commit/765a0e57608b9ef390e1eeeea8595b9054c63a5a"
},
{
"category": "external",
"summary": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw",
"url": "https://github.com/sigstore/fulcio/security/advisories/GHSA-f83f-xpx7-ffpw"
}
],
"release_date": "2025-12-04T22:04:41.637000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:55:49+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3462",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/sigstore/fulcio: Fulcio: Denial of Service via crafted OpenID Connect (OIDC) token"
},
{
"cve": "CVE-2025-69223",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-06T20:01:19.831548+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427456"
}
],
"notes": [
{
"category": "description",
"text": "A decompression based denial of service flaw has been discovered in the AIOHTTP python library. Library versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host\u0027s memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "aiohttp: AIOHTTP\u0027s HTTP Parser auto_decompress feature is vulnerable to zip bomb",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69223"
},
{
"category": "external",
"summary": "RHBZ#2427456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427456"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69223",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69223"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69223",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69223"
},
{
"category": "external",
"summary": "https://github.com/aio-libs/aiohttp/commit/2b920c39002cee0ec5b402581779bbaaf7c9138a",
"url": "https://github.com/aio-libs/aiohttp/commit/2b920c39002cee0ec5b402581779bbaaf7c9138a"
},
{
"category": "external",
"summary": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6mq8-rvhq-8wgg",
"url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-6mq8-rvhq-8wgg"
}
],
"release_date": "2026-01-05T22:00:17.715000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:55:49+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3462",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "aiohttp: AIOHTTP\u0027s HTTP Parser auto_decompress feature is vulnerable to zip bomb"
},
{
"cve": "CVE-2026-0994",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2026-01-23T16:02:59.235878+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2432398"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in protobuf. A remote attacker can exploit this denial-of-service (DoS) vulnerability by supplying deeply nested `google.protobuf.Any` messages to the `google.protobuf.json_format.ParseDict()` function. This bypasses the intended recursion depth limit, leading to the exhaustion of Python\u2019s recursion stack and causing a `RecursionError`, which results in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python: protobuf: Protobuf: Denial of Service due to recursion depth bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products. The flaw in `protobuf` allows a remote attacker to trigger a denial-of-service by providing specially crafted, deeply nested `google.protobuf.Any` messages to the `google.protobuf.json_format.ParseDict()` function. This bypasses the intended recursion depth limit, leading to resource exhaustion and application crashes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-0994"
},
{
"category": "external",
"summary": "RHBZ#2432398",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2432398"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-0994",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0994"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-0994",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0994"
},
{
"category": "external",
"summary": "https://github.com/protocolbuffers/protobuf/pull/25239",
"url": "https://github.com/protocolbuffers/protobuf/pull/25239"
}
],
"release_date": "2026-01-23T14:55:16.876000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:55:49+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3462",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python: protobuf: Protobuf: Denial of Service due to recursion depth bypass"
},
{
"cve": "CVE-2026-21441",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-01-07T23:01:59.422078+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427726"
}
],
"notes": [
{
"category": "description",
"text": "urllib3 is an HTTP client library for Python. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21441"
},
{
"category": "external",
"summary": "RHBZ#2427726",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427726"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b",
"url": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99"
}
],
"release_date": "2026-01-07T22:09:01.936000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:55:49+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3462",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)"
},
{
"cve": "CVE-2026-22773",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-10T07:01:22.641229+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2428443"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). A remote attacker can exploit this vulnerability by sending a specially crafted 1x1 pixel image to a vLLM engine serving multimodal models that use the Idefics3 vision model implementation. This leads to a tensor dimension mismatch, causing an unhandled runtime error and resulting in complete server termination, effectively a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vllm: vLLM: Denial of Service via specially crafted image in multimodal model serving",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Moderate for Red Hat products. A remote attacker can trigger a denial of service in vLLM engines serving multimodal models that use the Idefics3 vision model by sending a specially crafted image, leading to complete server termination. This affects Red Hat AI Inference Server and Red Hat OpenShift AI (RHOAI) when configured with the vulnerable vLLM versions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22773"
},
{
"category": "external",
"summary": "RHBZ#2428443",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2428443"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22773",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22773"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22773",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22773"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-grg2-63fw-f2qr",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-grg2-63fw-f2qr"
}
],
"release_date": "2026-01-10T06:39:02.276000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:55:49+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3462",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vllm: vLLM: Denial of Service via specially crafted image in multimodal model serving"
},
{
"cve": "CVE-2026-22778",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2026-02-03T00:01:43.512265+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2436113"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). A remote attacker can exploit this vulnerability by sending a specially crafted video URL to vLLM\u0027s multimodal endpoint. This action causes vLLM to leak a heap memory address, significantly reducing the effectiveness of Address Space Layout Randomization (ASLR). This information disclosure can then be chained with a heap overflow vulnerability to achieve remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vLLM: vLLM: Remote code execution via invalid image processing in the multimodal endpoint.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Critical rather than Important because it allows unauthenticated remote code execution without requiring user interaction, ultimately leading to full compromise of the affected system. An attacker can provide a malicious video URL to a vulnerable vLLM inference endpoint, which causes the service to automatically retrieve and process attacker-controlled media content. During decoding, a heap overflow is triggered in the underlying video processing stack, enabling corruption of heap memory and potential overwriting of control structures to execute arbitrary commands on the host. In addition, an information disclosure condition can leak memory addresses, significantly weakening ASLR protections and making exploitation more reliable when combined with the heap overflow. Successful exploitation compromises the confidentiality, integrity, and availability of the system and can impact deployments such as Red Hat AI Inference Server, Red Hat Enterprise Linux AI, and Red Hat OpenShift AI, thereby meeting Red Hat\u2019s criteria for Critical severity rather than Important impact.\n\nThe vLLM vulnerability depends on CVE-2025-9951, as processing attacker-controlled media can trigger the JPEG2000 decoder heap overflow, which can then be exploited within the vLLM video handling pipeline to cause memory corruption and potentially achieve remote code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22778"
},
{
"category": "external",
"summary": "RHBZ#2436113",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436113"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22778",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22778"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22778",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22778"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/31987",
"url": "https://github.com/vllm-project/vllm/pull/31987"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/32319",
"url": "https://github.com/vllm-project/vllm/pull/32319"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/releases/tag/v0.14.1",
"url": "https://github.com/vllm-project/vllm/releases/tag/v0.14.1"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-4r2x-xpjr-7cvv",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-4r2x-xpjr-7cvv"
}
],
"release_date": "2026-02-02T21:09:53.265000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:55:49+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3462",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "vLLM: vLLM: Remote code execution via invalid image processing in the multimodal endpoint."
},
{
"cve": "CVE-2026-22807",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2026-01-21T22:00:55.823882+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431865"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). This vulnerability allows a remote attacker to achieve arbitrary code execution on the vLLM host during model loading. This occurs because vLLM loads Hugging Face `auto_map` dynamic modules without properly validating the `trust_remote_code` setting. By influencing the model repository or path, an attacker can execute malicious Python code at server startup, even before any API requests are handled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vLLM: vLLM: Arbitrary code execution via untrusted model loading",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat as vLLM, an inference and serving engine for large language models, is vulnerable to arbitrary code execution. An attacker influencing the model repository or path can execute malicious Python code during server startup, affecting vLLM versions 0.10.1 through 0.13.x.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22807"
},
{
"category": "external",
"summary": "RHBZ#2431865",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431865"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22807",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22807"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22807",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22807"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/78d13ea9de4b1ce5e4d8a5af9738fea71fb024e5",
"url": "https://github.com/vllm-project/vllm/commit/78d13ea9de4b1ce5e4d8a5af9738fea71fb024e5"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/32194",
"url": "https://github.com/vllm-project/vllm/pull/32194"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/releases/tag/v0.14.0",
"url": "https://github.com/vllm-project/vllm/releases/tag/v0.14.0"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-2pc9-4j83-qjmr",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-2pc9-4j83-qjmr"
}
],
"release_date": "2026-01-21T21:13:11.894000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:55:49+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3462",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
},
{
"category": "workaround",
"details": "To mitigate this issue, ensure that vLLM instances are configured to load models only from trusted and verified repositories. Restrict access to the model repository path to prevent unauthorized modification or introduction of malicious code. Implement strict access controls and integrity checks for all model sources.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vLLM: vLLM: Arbitrary code execution via untrusted model loading"
},
{
"cve": "CVE-2026-24049",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-01-22T05:00:54.709179+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431959"
}
],
"notes": [
{
"category": "description",
"text": "A path traversal flaw has been discovered in the python wheel too. The unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24049"
},
{
"category": "external",
"summary": "RHBZ#2431959",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431959"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24049",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24049"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef",
"url": "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/releases/tag/0.46.2",
"url": "https://github.com/pypa/wheel/releases/tag/0.46.2"
},
{
"category": "external",
"summary": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx",
"url": "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx"
}
],
"release_date": "2026-01-22T04:02:08.706000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:55:49+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3462",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking"
},
{
"cve": "CVE-2026-24486",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-01-27T01:00:58.032530+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2433132"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Python-Multipart, a tool for parsing multipart form data in Python applications. This vulnerability, known as path traversal, allows a remote attacker to write uploaded files to any location on the server\u0027s file system. This exploitation occurs when specific non-default configuration options, `UPLOAD_DIR` and `UPLOAD_KEEP_FILENAME=True`, are enabled, and a malicious filename is provided during a file upload. The primary consequence is unauthorized file creation or modification, which could lead to system compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-multipart: Python-Multipart: Arbitrary file write via path traversal vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24486"
},
{
"category": "external",
"summary": "RHBZ#2433132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433132"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24486",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24486"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24486",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24486"
},
{
"category": "external",
"summary": "https://github.com/Kludex/python-multipart/commit/9433f4bbc9652bdde82bbe380984e32f8cfc89c4",
"url": "https://github.com/Kludex/python-multipart/commit/9433f4bbc9652bdde82bbe380984e32f8cfc89c4"
},
{
"category": "external",
"summary": "https://github.com/Kludex/python-multipart/releases/tag/0.0.22",
"url": "https://github.com/Kludex/python-multipart/releases/tag/0.0.22"
},
{
"category": "external",
"summary": "https://github.com/Kludex/python-multipart/security/advisories/GHSA-wp53-j4wj-2cfg",
"url": "https://github.com/Kludex/python-multipart/security/advisories/GHSA-wp53-j4wj-2cfg"
}
],
"release_date": "2026-01-27T00:34:06.229000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:55:49+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3462",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, avoid enabling the `UPLOAD_KEEP_FILENAME=True` configuration option in applications using `python-multipart`. This option, when used with `UPLOAD_DIR`, allows an attacker to write files to arbitrary locations. Disabling or not configuring `UPLOAD_KEEP_FILENAME=True` prevents the path traversal vulnerability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python-multipart: Python-Multipart: Arbitrary file write via path traversal vulnerability"
},
{
"cve": "CVE-2026-24779",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-01-27T23:00:53.998772+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2433624"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in vLLM, an inference and serving engine for large language models (LLMs). A Server-Side Request Forgery (SSRF) vulnerability exists in the MediaConnector class, specifically within the load_from_url and load_from_url_async methods. An attacker can exploit differing interpretations of backslashes by Python parsing libraries used for host restrictions to bypass these restrictions. This allows the attacker to force the vLLM server to make arbitrary requests to internal network resources, potentially leading to information disclosure, denial of service, or unauthorized access within containerized environments.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vLLM: vLLM: Server-Side Request Forgery allows internal network access",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This IMPORTANT Server-Side Request Forgery (SSRF) vulnerability in vLLM\u0027s `MediaConnector` allows an attacker to bypass host restrictions when processing user-provided URLs. This enables the vLLM server to be coerced into making arbitrary requests to internal network resources. This is critical in containerized deployments, including Red Hat AI Inference Server, Red Hat Enterprise Linux AI, and Red Hat OpenShift AI, where it could facilitate internal network reconnaissance and unauthorized access to other services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24779"
},
{
"category": "external",
"summary": "RHBZ#2433624",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433624"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24779",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24779"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24779",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24779"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/commit/f46d576c54fb8aeec5fc70560e850bed38ef17d7",
"url": "https://github.com/vllm-project/vllm/commit/f46d576c54fb8aeec5fc70560e850bed38ef17d7"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/pull/32746",
"url": "https://github.com/vllm-project/vllm/pull/32746"
},
{
"category": "external",
"summary": "https://github.com/vllm-project/vllm/security/advisories/GHSA-qh4c-xf7m-gxfc",
"url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-qh4c-xf7m-gxfc"
}
],
"release_date": "2026-01-27T22:01:13.808000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:55:49+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3462",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
},
{
"category": "workaround",
"details": "To mitigate this issue, restrict network access to the vLLM service to only trusted clients. Implement strict network segmentation for vLLM pods in containerized environments to limit potential lateral movement. Ensure that vLLM instances are not exposed to untrusted external networks without proper access controls and input validation at the perimeter.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "vLLM: vLLM: Server-Side Request Forgery allows internal network access"
},
{
"cve": "CVE-2026-25990",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-02-11T21:05:39.535631+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439170"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "RHBZ#2439170",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439170"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25990"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa",
"url": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc"
}
],
"release_date": "2026-02-11T20:53:52.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-02-27T14:55:49+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:3462",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:3462"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/vllm-rocm-rhel9@sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image"
}
]
}
RHSA-2026:4128
Vulnerability from csaf_redhat - Published: 2026-03-09 18:59 - Updated: 2026-03-31 22:56Summary
Red Hat Security Advisory: Red Hat AI Inference Server Model Optimization Tools 3.2.2 (CUDA)
Severity
Important
Notes
Topic: Red Hat AI Inference Server Model Optimization Tools 3.2.2 (CUDA) is now available.
Details: Red Hat® AI Inference Server Model Optimization Tools
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in giflib. A missing check in function DumpScreen2RGB in gif2rgb.c leads to an out-of-bounds read, allowing an attacker to crash the gif2rgb tool. The issue is not in the giflib library, but in the gif2rgb utility program.
5.5 (Medium)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:4128
https://access.redhat.com/errata/RHSA-2026:4128
An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.
6.5 (Medium)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:4128
https://access.redhat.com/errata/RHSA-2026:4128
Workaround
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 ("Double-Hash Port Selection Algorithm") of RFC 6056.
0.0 (None)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:4128
https://access.redhat.com/errata/RHSA-2026:4128
A flaw was found in libvpx. Encoding a frame with larger dimensions than the original configured size with VP9 may result in a heap overflow.
6.5 (Medium)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:4128
https://access.redhat.com/errata/RHSA-2026:4128
A flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal.
4.3 (Medium)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:4128
https://access.redhat.com/errata/RHSA-2026:4128
A flaw was found in OpenJPEG. A resource exhaustion can occur in the opj_t1_decode_cblks function in tcd.c through a crafted image file, causing a denial of service.
6.5 (Medium)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:4128
https://access.redhat.com/errata/RHSA-2026:4128
A flaw was found in the crypto/x509 package of the Golang standard library. A certificate with a URI, which has a IPv6 address with a zone ID, may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI; this issue only affects users of private PKIs that make use of URIs.
4.2 (Medium)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:4128
https://access.redhat.com/errata/RHSA-2026:4128
A flaw was found in the libsndfile package. A specially-crafted input file may trigger a reachable assertion error, which can cause an application crash leading to a denial of service.
6.5 (Medium)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:4128
https://access.redhat.com/errata/RHSA-2026:4128
A flaw was found the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.
7.3 (High)
Vendor Fix
For more information visit https://access.redhat.com/errata/RHSA-2026:4128
https://access.redhat.com/errata/RHSA-2026:4128
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
References
| URL | Category | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat AI Inference Server Model Optimization Tools 3.2.2 (CUDA) is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat\u00ae AI Inference Server Model Optimization Tools",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:4128",
"url": "https://access.redhat.com/errata/RHSA-2026:4128"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2020-23922",
"url": "https://access.redhat.com/security/cve/CVE-2020-23922"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2022-32189",
"url": "https://access.redhat.com/security/cve/CVE-2022-32189"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2022-32296",
"url": "https://access.redhat.com/security/cve/CVE-2022-32296"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-39327",
"url": "https://access.redhat.com/security/cve/CVE-2023-39327"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-39329",
"url": "https://access.redhat.com/security/cve/CVE-2023-39329"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2023-6349",
"url": "https://access.redhat.com/security/cve/CVE-2023-6349"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45341",
"url": "https://access.redhat.com/security/cve/CVE-2024-45341"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-50613",
"url": "https://access.redhat.com/security/cve/CVE-2024-50613"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-25990",
"url": "https://access.redhat.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://www.redhat.com/en/products/ai/inference-server",
"url": "https://www.redhat.com/en/products/ai/inference-server"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_4128.json"
}
],
"title": "Red Hat Security Advisory: Red Hat AI Inference Server Model Optimization Tools 3.2.2 (CUDA)",
"tracking": {
"current_release_date": "2026-03-31T22:56:53+00:00",
"generator": {
"date": "2026-03-31T22:56:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.4"
}
},
"id": "RHSA-2026:4128",
"initial_release_date": "2026-03-09T18:59:37+00:00",
"revision_history": [
{
"date": "2026-03-09T18:59:37+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-09T18:59:48+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-31T22:56:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat AI Inference Server 3.2",
"product": {
"name": "Red Hat AI Inference Server 3.2",
"product_id": "Red Hat AI Inference Server 3.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ai_inference_server:3.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat AI Inference Server"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
"product": {
"name": "registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
"product_id": "registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
"product_identification_helper": {
"purl": "pkg:oci/model-opt-cuda-rhel9@sha256%3A2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92?arch=amd64\u0026repository_url=registry.redhat.io/rhaiis\u0026tag=1772713830"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64",
"product": {
"name": "registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64",
"product_id": "registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64",
"product_identification_helper": {
"purl": "pkg:oci/model-opt-cuda-rhel9@sha256%3A9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac?arch=arm64\u0026repository_url=registry.redhat.io/rhaiis\u0026tag=1772713830"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64 as a component of Red Hat AI Inference Server 3.2",
"product_id": "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64"
},
"product_reference": "registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
"relates_to_product_reference": "Red Hat AI Inference Server 3.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64 as a component of Red Hat AI Inference Server 3.2",
"product_id": "Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
},
"product_reference": "registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64",
"relates_to_product_reference": "Red Hat AI Inference Server 3.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-23922",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2020-08-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1953004"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in giflib. A missing check in function DumpScreen2RGB in gif2rgb.c leads to an out-of-bounds read, allowing an attacker to crash the gif2rgb tool. The issue is not in the giflib library, but in the gif2rgb utility program.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "giflib: out-of-bounds read in DumpScreen2RGB() in gif2rgb.c in gif2rgb tool",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of giflib as shipped with Red Hat Enterprise Linux 8 as they did not include the gif2rgb tool.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-23922"
},
{
"category": "external",
"summary": "RHBZ#1953004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1953004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-23922",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-23922"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-23922",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-23922"
}
],
"release_date": "2021-04-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-09T18:59:37+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:4128",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4128"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "giflib: out-of-bounds read in DumpScreen2RGB() in gif2rgb.c in gif2rgb tool"
},
{
"cve": "CVE-2022-32189",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2022-08-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2113814"
}
],
"notes": [
{
"category": "description",
"text": "An uncontrolled resource consumption flaw was found in Golang math/big. A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go, potentially allowing an attacker to create a denial of service, impacting availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw stems from a particular and specific method (GoBDecode) which isn\u0027t commonly used. There are few components within Red Hat offerings which call this function. In rare cases where this method is called, the component limits possible damage or it is not possible to be triggered by an attacker. For these combined reasons the impact has been downgraded to Low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32189"
},
{
"category": "external",
"summary": "RHBZ#2113814",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2113814"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32189",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32189"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32189"
},
{
"category": "external",
"summary": "https://go.dev/issue/53871",
"url": "https://go.dev/issue/53871"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU",
"url": "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU"
}
],
"release_date": "2022-08-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-09T18:59:37+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:4128",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4128"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service"
},
{
"cve": "CVE-2022-32296",
"cwe": {
"id": "CWE-341",
"name": "Predictable from Observable State"
},
"discovery_date": "2022-06-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2096901"
}
],
"notes": [
{
"category": "description",
"text": "The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. This occurs because of use of Algorithm 4 (\"Double-Hash Port Selection Algorithm\") of RFC 6056.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: insufficient TCP source port randomness leads to client identification",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw was found to be a duplicate of CVE-2022-1012. Please see https://access.redhat.com/security/cve/CVE-2022-1012 for information about affected products and security errata.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-32296"
},
{
"category": "external",
"summary": "RHBZ#2096901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2096901"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-32296",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32296"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-32296",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32296"
}
],
"release_date": "2022-05-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-09T18:59:37+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:4128",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4128"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
]
}
],
"title": "kernel: insufficient TCP source port randomness leads to client identification"
},
{
"cve": "CVE-2023-6349",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2024-05-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2283553"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libvpx. Encoding a frame with larger dimensions than the original configured size with VP9 may result in a heap overflow.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libvpx: Heap buffer overflow related to VP9 encoding",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability does not affect any versions of Red Hat Enterprise Linux.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-6349"
},
{
"category": "external",
"summary": "RHBZ#2283553",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2283553"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-6349",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6349"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-6349",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6349"
}
],
"release_date": "2024-05-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-09T18:59:37+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:4128",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4128"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libvpx: Heap buffer overflow related to VP9 encoding"
},
{
"cve": "CVE-2023-39327",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2295812"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenJPEG. Maliciously constructed pictures can cause the program to enter a large loop and continuously print warning messages on the terminal.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjpeg: Malicious files can cause the program to enter a large loop",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39327"
},
{
"category": "external",
"summary": "RHBZ#2295812",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295812"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39327",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39327"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39327",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39327"
}
],
"release_date": "2024-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-09T18:59:37+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:4128",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4128"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openjpeg: Malicious files can cause the program to enter a large loop"
},
{
"cve": "CVE-2023-39329",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2295816"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenJPEG. A resource exhaustion can occur in the opj_t1_decode_cblks function in tcd.c through a crafted image file, causing a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openjpeg: Resource exhaustion will occur in the opj_t1_decode_cblks function in the tcd.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-39329"
},
{
"category": "external",
"summary": "RHBZ#2295816",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2295816"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-39329",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-39329"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-39329",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39329"
}
],
"release_date": "2024-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-09T18:59:37+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:4128",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4128"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openjpeg: Resource exhaustion will occur in the opj_t1_decode_cblks function in the tcd.c"
},
{
"cve": "CVE-2024-45341",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2025-01-23T12:26:31.454000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2341750"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/x509 package of the Golang standard library. A certificate with a URI, which has a IPv6 address with a zone ID, may incorrectly satisfy a URI name constraint that applies to the certificate chain. Certificates containing URIs are not permitted in the web PKI; this issue only affects users of private PKIs that make use of URIs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45341"
},
{
"category": "external",
"summary": "RHBZ#2341750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2341750"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45341",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45341"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45341",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45341"
},
{
"category": "external",
"summary": "https://github.com/golang/go/commit/2b2314e9f6103de322b2e247387c8b01fd0cd5a4",
"url": "https://github.com/golang/go/commit/2b2314e9f6103de322b2e247387c8b01fd0cd5a4"
},
{
"category": "external",
"summary": "https://github.com/golang/go/issues/71156",
"url": "https://github.com/golang/go/issues/71156"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI",
"url": "https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI"
}
],
"release_date": "2025-01-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-09T18:59:37+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:4128",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4128"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints"
},
{
"cve": "CVE-2024-50613",
"cwe": {
"id": "CWE-617",
"name": "Reachable Assertion"
},
"discovery_date": "2024-10-27T23:00:45.399703+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2322056"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the libsndfile package. A specially-crafted input file may trigger a reachable assertion error, which can cause an application crash leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libsndfile: Reachable assertion in mpeg_l3_encoder_close",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-50613"
},
{
"category": "external",
"summary": "RHBZ#2322056",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322056"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-50613",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50613"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-50613",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50613"
},
{
"category": "external",
"summary": "https://github.com/libsndfile/libsndfile/issues/1034",
"url": "https://github.com/libsndfile/libsndfile/issues/1034"
}
],
"release_date": "2024-10-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-09T18:59:37+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:4128",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4128"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libsndfile: Reachable assertion in mpeg_l3_encoder_close"
},
{
"cve": "CVE-2026-25990",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-02-11T21:05:39.535631+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439170"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "RHBZ#2439170",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439170"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25990"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa",
"url": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc"
}
],
"release_date": "2026-02-11T20:53:52.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-09T18:59:37+00:00",
"details": "For more information visit https://access.redhat.com/errata/RHSA-2026:4128",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:4128"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:2fd4f343235f7e896a70169fc4b856343d639c65bec77c1883cbd8210caf3a92_amd64",
"Red Hat AI Inference Server 3.2:registry.redhat.io/rhaiis/model-opt-cuda-rhel9@sha256:9c1beb862965c37ec54cbc5e5f2352ba83b3f377ce5c2a9909b943081abb55ac_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image"
}
]
}
RHSA-2026:6277
Vulnerability from csaf_redhat - Published: 2026-03-31 16:12 - Updated: 2026-03-31 22:57Summary
Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Product Security and Bug Fix Update
Severity
Important
Notes
Topic: An update is now available for Red Hat Ansible Automation Platform 2.6
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.
Security Fix(es):
* automation-gateway-proxy: Unexpected session resumption in crypto/tls (CVE-2025-68121)
* automation-gateway-proxy: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
* automation-platform-ui: SVGO: Denial of Service via XML entity expansion (CVE-2026-29074)
* automation-platform-ui: Minimatch: Denial of Service via catastrophic backtracking in glob expressions (CVE-2026-27904)
* automation-platform-ui: ReDoS via $data reference (CVE-2025-69873)
* automation-platform-ui: Axios affected by Denial of Service via __proto__ Key in mergeConfig (CVE-2026-25639)
* python3.12-pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image (CVE-2026-25990)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
IMPORTANT: All users must download the latest version of the installer. Attempting to install or upgrade with a previous version of the installer could result in failure.
For details about this release, refer to the release notes listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
7.5 (High)
Vendor Fix
For details on how to apply this update, refer to Ansible Automation Platform documentation.
https://access.redhat.com/errata/RHSA-2026:6277
Workaround
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.
7.4 (High)
Vendor Fix
For details on how to apply this update, refer to Ansible Automation Platform documentation.
https://access.redhat.com/errata/RHSA-2026:6277
A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.
7.5 (High)
Vendor Fix
For details on how to apply this update, refer to Ansible Automation Platform documentation.
https://access.redhat.com/errata/RHSA-2026:6277
Workaround
To mitigate this issue, disable the $data feature if your application does not require it. If $data must be used, implement strict validation of the input fields that are referenced by the pattern keyword to ensure they contain only expected and safe characters.
A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.
7.5 (High)
Vendor Fix
For details on how to apply this update, refer to Ansible Automation Platform documentation.
https://access.redhat.com/errata/RHSA-2026:6277
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.
7.3 (High)
Vendor Fix
For details on how to apply this update, refer to Ansible Automation Platform documentation.
https://access.redhat.com/errata/RHSA-2026:6277
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).
6.5 (Medium)
Vendor Fix
For details on how to apply this update, refer to Ansible Automation Platform documentation.
https://access.redhat.com/errata/RHSA-2026:6277
A flaw was found in SVGO, an SVG (Scalable Vector Graphics) Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by submitting a specially crafted XML file. The application's failure to properly guard against XML entity expansion or recursion can lead to the Node.js process consuming excessive memory and crashing.
7.5 (High)
Vendor Fix
For details on how to apply this update, refer to Ansible Automation Platform documentation.
https://access.redhat.com/errata/RHSA-2026:6277
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat Ansible Automation Platform 2.6\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to individual teams, while automation developers retain the freedom to write tasks that leverage existing knowledge without the overhead. Ansible Automation Platform makes it possible for users across an organization to share, vet, and manage automation content by means of a simple, powerful, and agentless language.\n\nSecurity Fix(es):\n\n* automation-gateway-proxy: Unexpected session resumption in crypto/tls (CVE-2025-68121)\n* automation-gateway-proxy: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)\n* automation-platform-ui: SVGO: Denial of Service via XML entity expansion (CVE-2026-29074)\n* automation-platform-ui: Minimatch: Denial of Service via catastrophic backtracking in glob expressions (CVE-2026-27904)\n* automation-platform-ui: ReDoS via $data reference (CVE-2025-69873)\n* automation-platform-ui: Axios affected by Denial of Service via __proto__ Key in mergeConfig (CVE-2026-25639)\n* python3.12-pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image (CVE-2026-25990)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nIMPORTANT: All users must download the latest version of the installer. Attempting to install or upgrade with a previous version of the installer could result in failure.\n\nFor details about this release, refer to the release notes listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:6277",
"url": "https://access.redhat.com/errata/RHSA-2026:6277"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/release_notes/patch_releases",
"url": "https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6/html/release_notes/patch_releases"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6#Upgrade",
"url": "https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.6#Upgrade"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "2439070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439070"
},
{
"category": "external",
"summary": "2439170",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439170"
},
{
"category": "external",
"summary": "2442922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442922"
},
{
"category": "external",
"summary": "2445132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445132"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_6277.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Product Security and Bug Fix Update",
"tracking": {
"current_release_date": "2026-03-31T22:57:14+00:00",
"generator": {
"date": "2026-03-31T22:57:14+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.4"
}
},
"id": "RHSA-2026:6277",
"initial_release_date": "2026-03-31T16:12:45+00:00",
"revision_history": [
{
"date": "2026-03-31T16:12:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-03-31T16:12:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-31T22:57:14+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product": {
"name": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:2.6::el9"
}
}
},
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product": {
"name": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform_developer:2.6::el9"
}
}
},
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product": {
"name": "Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Inside-1.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform_inside:2.6::el9"
}
}
},
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"product": {
"name": "Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"product_id": "10Base-Ansible-Automation-Platform-2.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:2.6::el10"
}
}
},
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"product": {
"name": "Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"product_id": "10Base-Ansible-Automation-Platform-2.6-Developer-1.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform_developer:2.6::el10"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ansible Automation Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "aap-metrics-utility-0:0.6.3-3.el9ap.src",
"product": {
"name": "aap-metrics-utility-0:0.6.3-3.el9ap.src",
"product_id": "aap-metrics-utility-0:0.6.3-3.el9ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aap-metrics-utility@0.6.3-3.el9ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.src",
"product": {
"name": "python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.src",
"product_id": "python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-django-ansible-base@2.6.20260325-1.el9ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "python3.12-pillow-0:12.1.1-1.el9ap.src",
"product": {
"name": "python3.12-pillow-0:12.1.1-1.el9ap.src",
"product_id": "python3.12-pillow-0:12.1.1-1.el9ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-pillow@12.1.1-1.el9ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "python3.12-pulp-ansible-1:0.25.4-1.el9ap.src",
"product": {
"name": "python3.12-pulp-ansible-1:0.25.4-1.el9ap.src",
"product_id": "python3.12-pulp-ansible-1:0.25.4-1.el9ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-pulp-ansible@0.25.4-1.el9ap?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "python3.12-pulpcore-0:3.49.54-1.el9ap.src",
"product": {
"name": "python3.12-pulpcore-0:3.49.54-1.el9ap.src",
"product_id": "python3.12-pulpcore-0:3.49.54-1.el9ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-pulpcore@3.49.54-1.el9ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "python3.12-django-filter-0:25.2-1.el9ap.src",
"product": {
"name": "python3.12-django-filter-0:25.2-1.el9ap.src",
"product_id": "python3.12-django-filter-0:25.2-1.el9ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-django-filter@25.2-1.el9ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "python3.12-asgiref-0:3.11.1-1.el9ap.src",
"product": {
"name": "python3.12-asgiref-0:3.11.1-1.el9ap.src",
"product_id": "python3.12-asgiref-0:3.11.1-1.el9ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-asgiref@3.11.1-1.el9ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "python3.12-channels-0:4.3.2-1.el9ap.src",
"product": {
"name": "python3.12-channels-0:4.3.2-1.el9ap.src",
"product_id": "python3.12-channels-0:4.3.2-1.el9ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-channels@4.3.2-1.el9ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "python3.12-drf-spectacular-0:0.29.0-1.el9ap.src",
"product": {
"name": "python3.12-drf-spectacular-0:0.29.0-1.el9ap.src",
"product_id": "python3.12-drf-spectacular-0:0.29.0-1.el9ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-drf-spectacular@0.29.0-1.el9ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "python3.12-django-0:5.2.12-1.el9ap.src",
"product": {
"name": "python3.12-django-0:5.2.12-1.el9ap.src",
"product_id": "python3.12-django-0:5.2.12-1.el9ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-django@5.2.12-1.el9ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "ansible-core-1:2.16.17-1.el9ap.src",
"product": {
"name": "ansible-core-1:2.16.17-1.el9ap.src",
"product_id": "ansible-core-1:2.16.17-1.el9ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-core@2.16.17-1.el9ap?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "receptor-0:1.6.4-1.el9ap.src",
"product": {
"name": "receptor-0:1.6.4-1.el9ap.src",
"product_id": "receptor-0:1.6.4-1.el9ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/receptor@1.6.4-1.el9ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "automation-platform-ui-0:2.6.7-1.el9ap.src",
"product": {
"name": "automation-platform-ui-0:2.6.7-1.el9ap.src",
"product_id": "automation-platform-ui-0:2.6.7-1.el9ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-platform-ui@2.6.7-1.el9ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "automation-gateway-proxy-0:2.6.14-1.el9.src",
"product": {
"name": "automation-gateway-proxy-0:2.6.14-1.el9.src",
"product_id": "automation-gateway-proxy-0:2.6.14-1.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-gateway-proxy@2.6.14-1.el9?arch=src"
}
}
},
{
"category": "product_version",
"name": "automation-eda-controller-0:1.2.7-1.el9ap.src",
"product": {
"name": "automation-eda-controller-0:1.2.7-1.el9ap.src",
"product_id": "automation-eda-controller-0:1.2.7-1.el9ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-eda-controller@1.2.7-1.el9ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "automation-hub-0:4.11.7-1.el9ap.src",
"product": {
"name": "automation-hub-0:4.11.7-1.el9ap.src",
"product_id": "automation-hub-0:4.11.7-1.el9ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-hub@4.11.7-1.el9ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "ansible-rulebook-0:1.2.2-1.el9ap.src",
"product": {
"name": "ansible-rulebook-0:1.2.2-1.el9ap.src",
"product_id": "ansible-rulebook-0:1.2.2-1.el9ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-rulebook@1.2.2-1.el9ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "automation-controller-0:4.7.10-2.el9ap.src",
"product": {
"name": "automation-controller-0:4.7.10-2.el9ap.src",
"product_id": "automation-controller-0:4.7.10-2.el9ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller@4.7.10-2.el9ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "automation-gateway-0:2.6.20260325-2.el9ap.src",
"product": {
"name": "automation-gateway-0:2.6.20260325-2.el9ap.src",
"product_id": "automation-gateway-0:2.6.20260325-2.el9ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-gateway@2.6.20260325-2.el9ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "ansible-automation-platform-installer-0:2.6-6.1.el9ap.src",
"product": {
"name": "ansible-automation-platform-installer-0:2.6-6.1.el9ap.src",
"product_id": "ansible-automation-platform-installer-0:2.6-6.1.el9ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-automation-platform-installer@2.6-6.1.el9ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "python3.12-galaxy-ng-0:4.11.7-2.el9ap.src",
"product": {
"name": "python3.12-galaxy-ng-0:4.11.7-2.el9ap.src",
"product_id": "python3.12-galaxy-ng-0:4.11.7-2.el9ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-galaxy-ng@4.11.7-2.el9ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "python3.12-pulp-container-0:2.19.8-1.el9ap.src",
"product": {
"name": "python3.12-pulp-container-0:2.19.8-1.el9ap.src",
"product_id": "python3.12-pulp-container-0:2.19.8-1.el9ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-pulp-container@2.19.8-1.el9ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "ansible-core-2:2.16.17-2.el10ap.src",
"product": {
"name": "ansible-core-2:2.16.17-2.el10ap.src",
"product_id": "ansible-core-2:2.16.17-2.el10ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-core@2.16.17-2.el10ap?arch=src\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "python-asgiref-0:3.11.1-2.el10ap.src",
"product": {
"name": "python-asgiref-0:3.11.1-2.el10ap.src",
"product_id": "python-asgiref-0:3.11.1-2.el10ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-asgiref@3.11.1-2.el10ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "python-django-0:5.2.12-2.el10ap.src",
"product": {
"name": "python-django-0:5.2.12-2.el10ap.src",
"product_id": "python-django-0:5.2.12-2.el10ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-django@5.2.12-2.el10ap?arch=src"
}
}
},
{
"category": "product_version",
"name": "receptor-0:1.6.4-2.el10ap.src",
"product": {
"name": "receptor-0:1.6.4-2.el10ap.src",
"product_id": "receptor-0:1.6.4-2.el10ap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/receptor@1.6.4-2.el10ap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "aap-metrics-utility-0:0.6.3-3.el9ap.x86_64",
"product": {
"name": "aap-metrics-utility-0:0.6.3-3.el9ap.x86_64",
"product_id": "aap-metrics-utility-0:0.6.3-3.el9ap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aap-metrics-utility@0.6.3-3.el9ap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3.12-pillow-0:12.1.1-1.el9ap.x86_64",
"product": {
"name": "python3.12-pillow-0:12.1.1-1.el9ap.x86_64",
"product_id": "python3.12-pillow-0:12.1.1-1.el9ap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-pillow@12.1.1-1.el9ap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3.12-pillow-debugsource-0:12.1.1-1.el9ap.x86_64",
"product": {
"name": "python3.12-pillow-debugsource-0:12.1.1-1.el9ap.x86_64",
"product_id": "python3.12-pillow-debugsource-0:12.1.1-1.el9ap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-pillow-debugsource@12.1.1-1.el9ap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.x86_64",
"product": {
"name": "python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.x86_64",
"product_id": "python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-pillow-debuginfo@12.1.1-1.el9ap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "receptor-0:1.6.4-1.el9ap.x86_64",
"product": {
"name": "receptor-0:1.6.4-1.el9ap.x86_64",
"product_id": "receptor-0:1.6.4-1.el9ap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/receptor@1.6.4-1.el9ap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"product": {
"name": "receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"product_id": "receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/receptor-debugsource@1.6.4-1.el9ap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"product": {
"name": "receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"product_id": "receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/receptor-debuginfo@1.6.4-1.el9ap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "automation-gateway-proxy-0:2.6.14-1.el9.x86_64",
"product": {
"name": "automation-gateway-proxy-0:2.6.14-1.el9.x86_64",
"product_id": "automation-gateway-proxy-0:2.6.14-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-gateway-proxy@2.6.14-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "automation-gateway-proxy-server-0:2.6.14-1.el9.x86_64",
"product": {
"name": "automation-gateway-proxy-server-0:2.6.14-1.el9.x86_64",
"product_id": "automation-gateway-proxy-server-0:2.6.14-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-gateway-proxy-server@2.6.14-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "automation-gateway-proxy-debugsource-0:2.6.14-1.el9.x86_64",
"product": {
"name": "automation-gateway-proxy-debugsource-0:2.6.14-1.el9.x86_64",
"product_id": "automation-gateway-proxy-debugsource-0:2.6.14-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-gateway-proxy-debugsource@2.6.14-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.x86_64",
"product": {
"name": "automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.x86_64",
"product_id": "automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-gateway-proxy-server-debuginfo@2.6.14-1.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "automation-controller-0:4.7.10-2.el9ap.x86_64",
"product": {
"name": "automation-controller-0:4.7.10-2.el9ap.x86_64",
"product_id": "automation-controller-0:4.7.10-2.el9ap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller@4.7.10-2.el9ap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"product": {
"name": "automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"product_id": "automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller-venv-tower@4.7.10-2.el9ap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "receptor-0:1.6.4-2.el10ap.x86_64",
"product": {
"name": "receptor-0:1.6.4-2.el10ap.x86_64",
"product_id": "receptor-0:1.6.4-2.el10ap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/receptor@1.6.4-2.el10ap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "receptor-debugsource-0:1.6.4-2.el10ap.x86_64",
"product": {
"name": "receptor-debugsource-0:1.6.4-2.el10ap.x86_64",
"product_id": "receptor-debugsource-0:1.6.4-2.el10ap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/receptor-debugsource@1.6.4-2.el10ap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "receptor-debuginfo-0:1.6.4-2.el10ap.x86_64",
"product": {
"name": "receptor-debuginfo-0:1.6.4-2.el10ap.x86_64",
"product_id": "receptor-debuginfo-0:1.6.4-2.el10ap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/receptor-debuginfo@1.6.4-2.el10ap?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "aap-metrics-utility-0:0.6.3-3.el9ap.ppc64le",
"product": {
"name": "aap-metrics-utility-0:0.6.3-3.el9ap.ppc64le",
"product_id": "aap-metrics-utility-0:0.6.3-3.el9ap.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aap-metrics-utility@0.6.3-3.el9ap?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3.12-pillow-0:12.1.1-1.el9ap.ppc64le",
"product": {
"name": "python3.12-pillow-0:12.1.1-1.el9ap.ppc64le",
"product_id": "python3.12-pillow-0:12.1.1-1.el9ap.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-pillow@12.1.1-1.el9ap?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3.12-pillow-debugsource-0:12.1.1-1.el9ap.ppc64le",
"product": {
"name": "python3.12-pillow-debugsource-0:12.1.1-1.el9ap.ppc64le",
"product_id": "python3.12-pillow-debugsource-0:12.1.1-1.el9ap.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-pillow-debugsource@12.1.1-1.el9ap?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.ppc64le",
"product": {
"name": "python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.ppc64le",
"product_id": "python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-pillow-debuginfo@12.1.1-1.el9ap?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "receptor-0:1.6.4-1.el9ap.ppc64le",
"product": {
"name": "receptor-0:1.6.4-1.el9ap.ppc64le",
"product_id": "receptor-0:1.6.4-1.el9ap.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/receptor@1.6.4-1.el9ap?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"product": {
"name": "receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"product_id": "receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/receptor-debugsource@1.6.4-1.el9ap?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"product": {
"name": "receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"product_id": "receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/receptor-debuginfo@1.6.4-1.el9ap?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "automation-gateway-proxy-0:2.6.14-1.el9.ppc64le",
"product": {
"name": "automation-gateway-proxy-0:2.6.14-1.el9.ppc64le",
"product_id": "automation-gateway-proxy-0:2.6.14-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-gateway-proxy@2.6.14-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "automation-gateway-proxy-server-0:2.6.14-1.el9.ppc64le",
"product": {
"name": "automation-gateway-proxy-server-0:2.6.14-1.el9.ppc64le",
"product_id": "automation-gateway-proxy-server-0:2.6.14-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-gateway-proxy-server@2.6.14-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "automation-gateway-proxy-debugsource-0:2.6.14-1.el9.ppc64le",
"product": {
"name": "automation-gateway-proxy-debugsource-0:2.6.14-1.el9.ppc64le",
"product_id": "automation-gateway-proxy-debugsource-0:2.6.14-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-gateway-proxy-debugsource@2.6.14-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.ppc64le",
"product": {
"name": "automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.ppc64le",
"product_id": "automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-gateway-proxy-server-debuginfo@2.6.14-1.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "automation-controller-0:4.7.10-2.el9ap.ppc64le",
"product": {
"name": "automation-controller-0:4.7.10-2.el9ap.ppc64le",
"product_id": "automation-controller-0:4.7.10-2.el9ap.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller@4.7.10-2.el9ap?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"product": {
"name": "automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"product_id": "automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller-venv-tower@4.7.10-2.el9ap?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "receptor-0:1.6.4-2.el10ap.ppc64le",
"product": {
"name": "receptor-0:1.6.4-2.el10ap.ppc64le",
"product_id": "receptor-0:1.6.4-2.el10ap.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/receptor@1.6.4-2.el10ap?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "receptor-debugsource-0:1.6.4-2.el10ap.ppc64le",
"product": {
"name": "receptor-debugsource-0:1.6.4-2.el10ap.ppc64le",
"product_id": "receptor-debugsource-0:1.6.4-2.el10ap.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/receptor-debugsource@1.6.4-2.el10ap?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "receptor-debuginfo-0:1.6.4-2.el10ap.ppc64le",
"product": {
"name": "receptor-debuginfo-0:1.6.4-2.el10ap.ppc64le",
"product_id": "receptor-debuginfo-0:1.6.4-2.el10ap.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/receptor-debuginfo@1.6.4-2.el10ap?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "aap-metrics-utility-0:0.6.3-3.el9ap.s390x",
"product": {
"name": "aap-metrics-utility-0:0.6.3-3.el9ap.s390x",
"product_id": "aap-metrics-utility-0:0.6.3-3.el9ap.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aap-metrics-utility@0.6.3-3.el9ap?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3.12-pillow-0:12.1.1-1.el9ap.s390x",
"product": {
"name": "python3.12-pillow-0:12.1.1-1.el9ap.s390x",
"product_id": "python3.12-pillow-0:12.1.1-1.el9ap.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-pillow@12.1.1-1.el9ap?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3.12-pillow-debugsource-0:12.1.1-1.el9ap.s390x",
"product": {
"name": "python3.12-pillow-debugsource-0:12.1.1-1.el9ap.s390x",
"product_id": "python3.12-pillow-debugsource-0:12.1.1-1.el9ap.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-pillow-debugsource@12.1.1-1.el9ap?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.s390x",
"product": {
"name": "python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.s390x",
"product_id": "python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-pillow-debuginfo@12.1.1-1.el9ap?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "receptor-0:1.6.4-1.el9ap.s390x",
"product": {
"name": "receptor-0:1.6.4-1.el9ap.s390x",
"product_id": "receptor-0:1.6.4-1.el9ap.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/receptor@1.6.4-1.el9ap?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"product": {
"name": "receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"product_id": "receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/receptor-debugsource@1.6.4-1.el9ap?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"product": {
"name": "receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"product_id": "receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/receptor-debuginfo@1.6.4-1.el9ap?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "automation-gateway-proxy-0:2.6.14-1.el9.s390x",
"product": {
"name": "automation-gateway-proxy-0:2.6.14-1.el9.s390x",
"product_id": "automation-gateway-proxy-0:2.6.14-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-gateway-proxy@2.6.14-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "automation-gateway-proxy-server-0:2.6.14-1.el9.s390x",
"product": {
"name": "automation-gateway-proxy-server-0:2.6.14-1.el9.s390x",
"product_id": "automation-gateway-proxy-server-0:2.6.14-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-gateway-proxy-server@2.6.14-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "automation-gateway-proxy-debugsource-0:2.6.14-1.el9.s390x",
"product": {
"name": "automation-gateway-proxy-debugsource-0:2.6.14-1.el9.s390x",
"product_id": "automation-gateway-proxy-debugsource-0:2.6.14-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-gateway-proxy-debugsource@2.6.14-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.s390x",
"product": {
"name": "automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.s390x",
"product_id": "automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-gateway-proxy-server-debuginfo@2.6.14-1.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "automation-controller-0:4.7.10-2.el9ap.s390x",
"product": {
"name": "automation-controller-0:4.7.10-2.el9ap.s390x",
"product_id": "automation-controller-0:4.7.10-2.el9ap.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller@4.7.10-2.el9ap?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"product": {
"name": "automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"product_id": "automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller-venv-tower@4.7.10-2.el9ap?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "receptor-0:1.6.4-2.el10ap.s390x",
"product": {
"name": "receptor-0:1.6.4-2.el10ap.s390x",
"product_id": "receptor-0:1.6.4-2.el10ap.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/receptor@1.6.4-2.el10ap?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "receptor-debugsource-0:1.6.4-2.el10ap.s390x",
"product": {
"name": "receptor-debugsource-0:1.6.4-2.el10ap.s390x",
"product_id": "receptor-debugsource-0:1.6.4-2.el10ap.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/receptor-debugsource@1.6.4-2.el10ap?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "receptor-debuginfo-0:1.6.4-2.el10ap.s390x",
"product": {
"name": "receptor-debuginfo-0:1.6.4-2.el10ap.s390x",
"product_id": "receptor-debuginfo-0:1.6.4-2.el10ap.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/receptor-debuginfo@1.6.4-2.el10ap?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "aap-metrics-utility-0:0.6.3-3.el9ap.aarch64",
"product": {
"name": "aap-metrics-utility-0:0.6.3-3.el9ap.aarch64",
"product_id": "aap-metrics-utility-0:0.6.3-3.el9ap.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/aap-metrics-utility@0.6.3-3.el9ap?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3.12-pillow-0:12.1.1-1.el9ap.aarch64",
"product": {
"name": "python3.12-pillow-0:12.1.1-1.el9ap.aarch64",
"product_id": "python3.12-pillow-0:12.1.1-1.el9ap.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-pillow@12.1.1-1.el9ap?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3.12-pillow-debugsource-0:12.1.1-1.el9ap.aarch64",
"product": {
"name": "python3.12-pillow-debugsource-0:12.1.1-1.el9ap.aarch64",
"product_id": "python3.12-pillow-debugsource-0:12.1.1-1.el9ap.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-pillow-debugsource@12.1.1-1.el9ap?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.aarch64",
"product": {
"name": "python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.aarch64",
"product_id": "python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-pillow-debuginfo@12.1.1-1.el9ap?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "receptor-0:1.6.4-1.el9ap.aarch64",
"product": {
"name": "receptor-0:1.6.4-1.el9ap.aarch64",
"product_id": "receptor-0:1.6.4-1.el9ap.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/receptor@1.6.4-1.el9ap?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"product": {
"name": "receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"product_id": "receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/receptor-debugsource@1.6.4-1.el9ap?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"product": {
"name": "receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"product_id": "receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/receptor-debuginfo@1.6.4-1.el9ap?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "automation-gateway-proxy-0:2.6.14-1.el9.aarch64",
"product": {
"name": "automation-gateway-proxy-0:2.6.14-1.el9.aarch64",
"product_id": "automation-gateway-proxy-0:2.6.14-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-gateway-proxy@2.6.14-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "automation-gateway-proxy-server-0:2.6.14-1.el9.aarch64",
"product": {
"name": "automation-gateway-proxy-server-0:2.6.14-1.el9.aarch64",
"product_id": "automation-gateway-proxy-server-0:2.6.14-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-gateway-proxy-server@2.6.14-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "automation-gateway-proxy-debugsource-0:2.6.14-1.el9.aarch64",
"product": {
"name": "automation-gateway-proxy-debugsource-0:2.6.14-1.el9.aarch64",
"product_id": "automation-gateway-proxy-debugsource-0:2.6.14-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-gateway-proxy-debugsource@2.6.14-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.aarch64",
"product": {
"name": "automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.aarch64",
"product_id": "automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-gateway-proxy-server-debuginfo@2.6.14-1.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "automation-controller-0:4.7.10-2.el9ap.aarch64",
"product": {
"name": "automation-controller-0:4.7.10-2.el9ap.aarch64",
"product_id": "automation-controller-0:4.7.10-2.el9ap.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller@4.7.10-2.el9ap?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"product": {
"name": "automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"product_id": "automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller-venv-tower@4.7.10-2.el9ap?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "receptor-0:1.6.4-2.el10ap.aarch64",
"product": {
"name": "receptor-0:1.6.4-2.el10ap.aarch64",
"product_id": "receptor-0:1.6.4-2.el10ap.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/receptor@1.6.4-2.el10ap?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "receptor-debugsource-0:1.6.4-2.el10ap.aarch64",
"product": {
"name": "receptor-debugsource-0:1.6.4-2.el10ap.aarch64",
"product_id": "receptor-debugsource-0:1.6.4-2.el10ap.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/receptor-debugsource@1.6.4-2.el10ap?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "receptor-debuginfo-0:1.6.4-2.el10ap.aarch64",
"product": {
"name": "receptor-debuginfo-0:1.6.4-2.el10ap.aarch64",
"product_id": "receptor-debuginfo-0:1.6.4-2.el10ap.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/receptor-debuginfo@1.6.4-2.el10ap?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python3.12-django-ansible-base+activitystream-0:2.6.20260325-1.el9ap.noarch",
"product": {
"name": "python3.12-django-ansible-base+activitystream-0:2.6.20260325-1.el9ap.noarch",
"product_id": "python3.12-django-ansible-base+activitystream-0:2.6.20260325-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-django-ansible-base%2Bactivitystream@2.6.20260325-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3.12-django-ansible-base+api_documentation-0:2.6.20260325-1.el9ap.noarch",
"product": {
"name": "python3.12-django-ansible-base+api_documentation-0:2.6.20260325-1.el9ap.noarch",
"product_id": "python3.12-django-ansible-base+api_documentation-0:2.6.20260325-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-django-ansible-base%2Bapi_documentation@2.6.20260325-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3.12-django-ansible-base+authentication-0:2.6.20260325-1.el9ap.noarch",
"product": {
"name": "python3.12-django-ansible-base+authentication-0:2.6.20260325-1.el9ap.noarch",
"product_id": "python3.12-django-ansible-base+authentication-0:2.6.20260325-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-django-ansible-base%2Bauthentication@2.6.20260325-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3.12-django-ansible-base+channel_auth-0:2.6.20260325-1.el9ap.noarch",
"product": {
"name": "python3.12-django-ansible-base+channel_auth-0:2.6.20260325-1.el9ap.noarch",
"product_id": "python3.12-django-ansible-base+channel_auth-0:2.6.20260325-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-django-ansible-base%2Bchannel_auth@2.6.20260325-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3.12-django-ansible-base+feature_flags-0:2.6.20260325-1.el9ap.noarch",
"product": {
"name": "python3.12-django-ansible-base+feature_flags-0:2.6.20260325-1.el9ap.noarch",
"product_id": "python3.12-django-ansible-base+feature_flags-0:2.6.20260325-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-django-ansible-base%2Bfeature_flags@2.6.20260325-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3.12-django-ansible-base+jwt_consumer-0:2.6.20260325-1.el9ap.noarch",
"product": {
"name": "python3.12-django-ansible-base+jwt_consumer-0:2.6.20260325-1.el9ap.noarch",
"product_id": "python3.12-django-ansible-base+jwt_consumer-0:2.6.20260325-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-django-ansible-base%2Bjwt_consumer@2.6.20260325-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3.12-django-ansible-base+oauth2_provider-0:2.6.20260325-1.el9ap.noarch",
"product": {
"name": "python3.12-django-ansible-base+oauth2_provider-0:2.6.20260325-1.el9ap.noarch",
"product_id": "python3.12-django-ansible-base+oauth2_provider-0:2.6.20260325-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-django-ansible-base%2Boauth2_provider@2.6.20260325-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3.12-django-ansible-base+rbac-0:2.6.20260325-1.el9ap.noarch",
"product": {
"name": "python3.12-django-ansible-base+rbac-0:2.6.20260325-1.el9ap.noarch",
"product_id": "python3.12-django-ansible-base+rbac-0:2.6.20260325-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-django-ansible-base%2Brbac@2.6.20260325-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3.12-django-ansible-base+redis_client-0:2.6.20260325-1.el9ap.noarch",
"product": {
"name": "python3.12-django-ansible-base+redis_client-0:2.6.20260325-1.el9ap.noarch",
"product_id": "python3.12-django-ansible-base+redis_client-0:2.6.20260325-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-django-ansible-base%2Bredis_client@2.6.20260325-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3.12-django-ansible-base+resource_registry-0:2.6.20260325-1.el9ap.noarch",
"product": {
"name": "python3.12-django-ansible-base+resource_registry-0:2.6.20260325-1.el9ap.noarch",
"product_id": "python3.12-django-ansible-base+resource_registry-0:2.6.20260325-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-django-ansible-base%2Bresource_registry@2.6.20260325-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3.12-django-ansible-base+rest_filters-0:2.6.20260325-1.el9ap.noarch",
"product": {
"name": "python3.12-django-ansible-base+rest_filters-0:2.6.20260325-1.el9ap.noarch",
"product_id": "python3.12-django-ansible-base+rest_filters-0:2.6.20260325-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-django-ansible-base%2Brest_filters@2.6.20260325-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.noarch",
"product": {
"name": "python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.noarch",
"product_id": "python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-django-ansible-base@2.6.20260325-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3.12-pulp-ansible-1:0.25.4-1.el9ap.noarch",
"product": {
"name": "python3.12-pulp-ansible-1:0.25.4-1.el9ap.noarch",
"product_id": "python3.12-pulp-ansible-1:0.25.4-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-pulp-ansible@0.25.4-1.el9ap?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "python3.12-pulpcore-0:3.49.54-1.el9ap.noarch",
"product": {
"name": "python3.12-pulpcore-0:3.49.54-1.el9ap.noarch",
"product_id": "python3.12-pulpcore-0:3.49.54-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-pulpcore@3.49.54-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3.12-django-filter-0:25.2-1.el9ap.noarch",
"product": {
"name": "python3.12-django-filter-0:25.2-1.el9ap.noarch",
"product_id": "python3.12-django-filter-0:25.2-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-django-filter@25.2-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"product": {
"name": "python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"product_id": "python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-asgiref@3.11.1-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3.12-channels+daphne-0:4.3.2-1.el9ap.noarch",
"product": {
"name": "python3.12-channels+daphne-0:4.3.2-1.el9ap.noarch",
"product_id": "python3.12-channels+daphne-0:4.3.2-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-channels%2Bdaphne@4.3.2-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3.12-channels-0:4.3.2-1.el9ap.noarch",
"product": {
"name": "python3.12-channels-0:4.3.2-1.el9ap.noarch",
"product_id": "python3.12-channels-0:4.3.2-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-channels@4.3.2-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3.12-drf-spectacular-0:0.29.0-1.el9ap.noarch",
"product": {
"name": "python3.12-drf-spectacular-0:0.29.0-1.el9ap.noarch",
"product_id": "python3.12-drf-spectacular-0:0.29.0-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-drf-spectacular@0.29.0-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3.12-django-0:5.2.12-1.el9ap.noarch",
"product": {
"name": "python3.12-django-0:5.2.12-1.el9ap.noarch",
"product_id": "python3.12-django-0:5.2.12-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-django@5.2.12-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ansible-core-1:2.16.17-1.el9ap.noarch",
"product": {
"name": "ansible-core-1:2.16.17-1.el9ap.noarch",
"product_id": "ansible-core-1:2.16.17-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-core@2.16.17-1.el9ap?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "ansible-test-1:2.16.17-1.el9ap.noarch",
"product": {
"name": "ansible-test-1:2.16.17-1.el9ap.noarch",
"product_id": "ansible-test-1:2.16.17-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-test@2.16.17-1.el9ap?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "receptorctl-0:1.6.4-1.el9ap.noarch",
"product": {
"name": "receptorctl-0:1.6.4-1.el9ap.noarch",
"product_id": "receptorctl-0:1.6.4-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/receptorctl@1.6.4-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automation-platform-ui-0:2.6.7-1.el9ap.noarch",
"product": {
"name": "automation-platform-ui-0:2.6.7-1.el9ap.noarch",
"product_id": "automation-platform-ui-0:2.6.7-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-platform-ui@2.6.7-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automation-eda-controller-0:1.2.7-1.el9ap.noarch",
"product": {
"name": "automation-eda-controller-0:1.2.7-1.el9ap.noarch",
"product_id": "automation-eda-controller-0:1.2.7-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-eda-controller@1.2.7-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automation-eda-controller-base-0:1.2.7-1.el9ap.noarch",
"product": {
"name": "automation-eda-controller-base-0:1.2.7-1.el9ap.noarch",
"product_id": "automation-eda-controller-base-0:1.2.7-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-eda-controller-base@1.2.7-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automation-eda-controller-base-services-0:1.2.7-1.el9ap.noarch",
"product": {
"name": "automation-eda-controller-base-services-0:1.2.7-1.el9ap.noarch",
"product_id": "automation-eda-controller-base-services-0:1.2.7-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-eda-controller-base-services@1.2.7-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automation-eda-controller-event-stream-services-0:1.2.7-1.el9ap.noarch",
"product": {
"name": "automation-eda-controller-event-stream-services-0:1.2.7-1.el9ap.noarch",
"product_id": "automation-eda-controller-event-stream-services-0:1.2.7-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-eda-controller-event-stream-services@1.2.7-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automation-eda-controller-worker-services-0:1.2.7-1.el9ap.noarch",
"product": {
"name": "automation-eda-controller-worker-services-0:1.2.7-1.el9ap.noarch",
"product_id": "automation-eda-controller-worker-services-0:1.2.7-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-eda-controller-worker-services@1.2.7-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automation-hub-0:4.11.7-1.el9ap.noarch",
"product": {
"name": "automation-hub-0:4.11.7-1.el9ap.noarch",
"product_id": "automation-hub-0:4.11.7-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-hub@4.11.7-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ansible-rulebook-0:1.2.2-1.el9ap.noarch",
"product": {
"name": "ansible-rulebook-0:1.2.2-1.el9ap.noarch",
"product_id": "ansible-rulebook-0:1.2.2-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-rulebook@1.2.2-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"product": {
"name": "automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"product_id": "automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller-cli@4.7.10-2.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automation-controller-server-0:4.7.10-2.el9ap.noarch",
"product": {
"name": "automation-controller-server-0:4.7.10-2.el9ap.noarch",
"product_id": "automation-controller-server-0:4.7.10-2.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller-server@4.7.10-2.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"product": {
"name": "automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"product_id": "automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-controller-ui@4.7.10-2.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automation-gateway-0:2.6.20260325-2.el9ap.noarch",
"product": {
"name": "automation-gateway-0:2.6.20260325-2.el9ap.noarch",
"product_id": "automation-gateway-0:2.6.20260325-2.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-gateway@2.6.20260325-2.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automation-gateway-config-0:2.6.20260325-2.el9ap.noarch",
"product": {
"name": "automation-gateway-config-0:2.6.20260325-2.el9ap.noarch",
"product_id": "automation-gateway-config-0:2.6.20260325-2.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-gateway-config@2.6.20260325-2.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "automation-gateway-server-0:2.6.20260325-2.el9ap.noarch",
"product": {
"name": "automation-gateway-server-0:2.6.20260325-2.el9ap.noarch",
"product_id": "automation-gateway-server-0:2.6.20260325-2.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/automation-gateway-server@2.6.20260325-2.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ansible-automation-platform-installer-0:2.6-6.1.el9ap.noarch",
"product": {
"name": "ansible-automation-platform-installer-0:2.6-6.1.el9ap.noarch",
"product_id": "ansible-automation-platform-installer-0:2.6-6.1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-automation-platform-installer@2.6-6.1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3.12-galaxy-ng-0:4.11.7-2.el9ap.noarch",
"product": {
"name": "python3.12-galaxy-ng-0:4.11.7-2.el9ap.noarch",
"product_id": "python3.12-galaxy-ng-0:4.11.7-2.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-galaxy-ng@4.11.7-2.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3.12-pulp-container-0:2.19.8-1.el9ap.noarch",
"product": {
"name": "python3.12-pulp-container-0:2.19.8-1.el9ap.noarch",
"product_id": "python3.12-pulp-container-0:2.19.8-1.el9ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3.12-pulp-container@2.19.8-1.el9ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "ansible-core-2:2.16.17-2.el10ap.noarch",
"product": {
"name": "ansible-core-2:2.16.17-2.el10ap.noarch",
"product_id": "ansible-core-2:2.16.17-2.el10ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/ansible-core@2.16.17-2.el10ap?arch=noarch\u0026epoch=2"
}
}
},
{
"category": "product_version",
"name": "python3-asgiref-0:3.11.1-2.el10ap.noarch",
"product": {
"name": "python3-asgiref-0:3.11.1-2.el10ap.noarch",
"product_id": "python3-asgiref-0:3.11.1-2.el10ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-asgiref@3.11.1-2.el10ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "python3-django-0:5.2.12-2.el10ap.noarch",
"product": {
"name": "python3-django-0:5.2.12-2.el10ap.noarch",
"product_id": "python3-django-0:5.2.12-2.el10ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python3-django@5.2.12-2.el10ap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "receptorctl-0:1.6.4-2.el10ap.noarch",
"product": {
"name": "receptorctl-0:1.6.4-2.el10ap.noarch",
"product_id": "receptorctl-0:1.6.4-2.el10ap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/receptorctl@1.6.4-2.el10ap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-2:2.16.17-2.el10ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"product_id": "10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.noarch"
},
"product_reference": "ansible-core-2:2.16.17-2.el10ap.noarch",
"relates_to_product_reference": "10Base-Ansible-Automation-Platform-2.6-Developer-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-2:2.16.17-2.el10ap.src as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"product_id": "10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.src"
},
"product_reference": "ansible-core-2:2.16.17-2.el10ap.src",
"relates_to_product_reference": "10Base-Ansible-Automation-Platform-2.6-Developer-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-asgiref-0:3.11.1-2.el10ap.src as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"product_id": "10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-asgiref-0:3.11.1-2.el10ap.src"
},
"product_reference": "python-asgiref-0:3.11.1-2.el10ap.src",
"relates_to_product_reference": "10Base-Ansible-Automation-Platform-2.6-Developer-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-django-0:5.2.12-2.el10ap.src as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"product_id": "10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-django-0:5.2.12-2.el10ap.src"
},
"product_reference": "python-django-0:5.2.12-2.el10ap.src",
"relates_to_product_reference": "10Base-Ansible-Automation-Platform-2.6-Developer-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-asgiref-0:3.11.1-2.el10ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"product_id": "10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-asgiref-0:3.11.1-2.el10ap.noarch"
},
"product_reference": "python3-asgiref-0:3.11.1-2.el10ap.noarch",
"relates_to_product_reference": "10Base-Ansible-Automation-Platform-2.6-Developer-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-django-0:5.2.12-2.el10ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"product_id": "10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-django-0:5.2.12-2.el10ap.noarch"
},
"product_reference": "python3-django-0:5.2.12-2.el10ap.noarch",
"relates_to_product_reference": "10Base-Ansible-Automation-Platform-2.6-Developer-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-2:2.16.17-2.el10ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"product_id": "10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.noarch"
},
"product_reference": "ansible-core-2:2.16.17-2.el10ap.noarch",
"relates_to_product_reference": "10Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-2:2.16.17-2.el10ap.src as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"product_id": "10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.src"
},
"product_reference": "ansible-core-2:2.16.17-2.el10ap.src",
"relates_to_product_reference": "10Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-asgiref-0:3.11.1-2.el10ap.src as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"product_id": "10Base-Ansible-Automation-Platform-2.6:python-asgiref-0:3.11.1-2.el10ap.src"
},
"product_reference": "python-asgiref-0:3.11.1-2.el10ap.src",
"relates_to_product_reference": "10Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-django-0:5.2.12-2.el10ap.src as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"product_id": "10Base-Ansible-Automation-Platform-2.6:python-django-0:5.2.12-2.el10ap.src"
},
"product_reference": "python-django-0:5.2.12-2.el10ap.src",
"relates_to_product_reference": "10Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-asgiref-0:3.11.1-2.el10ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"product_id": "10Base-Ansible-Automation-Platform-2.6:python3-asgiref-0:3.11.1-2.el10ap.noarch"
},
"product_reference": "python3-asgiref-0:3.11.1-2.el10ap.noarch",
"relates_to_product_reference": "10Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-django-0:5.2.12-2.el10ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"product_id": "10Base-Ansible-Automation-Platform-2.6:python3-django-0:5.2.12-2.el10ap.noarch"
},
"product_reference": "python3-django-0:5.2.12-2.el10ap.noarch",
"relates_to_product_reference": "10Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-0:1.6.4-2.el10ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"product_id": "10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.aarch64"
},
"product_reference": "receptor-0:1.6.4-2.el10ap.aarch64",
"relates_to_product_reference": "10Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-0:1.6.4-2.el10ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"product_id": "10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.ppc64le"
},
"product_reference": "receptor-0:1.6.4-2.el10ap.ppc64le",
"relates_to_product_reference": "10Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-0:1.6.4-2.el10ap.s390x as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"product_id": "10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.s390x"
},
"product_reference": "receptor-0:1.6.4-2.el10ap.s390x",
"relates_to_product_reference": "10Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-0:1.6.4-2.el10ap.src as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"product_id": "10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.src"
},
"product_reference": "receptor-0:1.6.4-2.el10ap.src",
"relates_to_product_reference": "10Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-0:1.6.4-2.el10ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"product_id": "10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.x86_64"
},
"product_reference": "receptor-0:1.6.4-2.el10ap.x86_64",
"relates_to_product_reference": "10Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-debuginfo-0:1.6.4-2.el10ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"product_id": "10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.aarch64"
},
"product_reference": "receptor-debuginfo-0:1.6.4-2.el10ap.aarch64",
"relates_to_product_reference": "10Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-debuginfo-0:1.6.4-2.el10ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"product_id": "10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.ppc64le"
},
"product_reference": "receptor-debuginfo-0:1.6.4-2.el10ap.ppc64le",
"relates_to_product_reference": "10Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-debuginfo-0:1.6.4-2.el10ap.s390x as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"product_id": "10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.s390x"
},
"product_reference": "receptor-debuginfo-0:1.6.4-2.el10ap.s390x",
"relates_to_product_reference": "10Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-debuginfo-0:1.6.4-2.el10ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"product_id": "10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.x86_64"
},
"product_reference": "receptor-debuginfo-0:1.6.4-2.el10ap.x86_64",
"relates_to_product_reference": "10Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-debugsource-0:1.6.4-2.el10ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"product_id": "10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.aarch64"
},
"product_reference": "receptor-debugsource-0:1.6.4-2.el10ap.aarch64",
"relates_to_product_reference": "10Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-debugsource-0:1.6.4-2.el10ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"product_id": "10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.ppc64le"
},
"product_reference": "receptor-debugsource-0:1.6.4-2.el10ap.ppc64le",
"relates_to_product_reference": "10Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-debugsource-0:1.6.4-2.el10ap.s390x as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"product_id": "10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.s390x"
},
"product_reference": "receptor-debugsource-0:1.6.4-2.el10ap.s390x",
"relates_to_product_reference": "10Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-debugsource-0:1.6.4-2.el10ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"product_id": "10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.x86_64"
},
"product_reference": "receptor-debugsource-0:1.6.4-2.el10ap.x86_64",
"relates_to_product_reference": "10Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptorctl-0:1.6.4-2.el10ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 10",
"product_id": "10Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-2.el10ap.noarch"
},
"product_reference": "receptorctl-0:1.6.4-2.el10ap.noarch",
"relates_to_product_reference": "10Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-1:2.16.17-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.noarch"
},
"product_reference": "ansible-core-1:2.16.17-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-1:2.16.17-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.src"
},
"product_reference": "ansible-core-1:2.16.17-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-test-1:2.16.17-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-test-1:2.16.17-1.el9ap.noarch"
},
"product_reference": "ansible-test-1:2.16.17-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-0:4.7.10-2.el9ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.aarch64"
},
"product_reference": "automation-controller-0:4.7.10-2.el9ap.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-0:4.7.10-2.el9ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.ppc64le"
},
"product_reference": "automation-controller-0:4.7.10-2.el9ap.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-0:4.7.10-2.el9ap.s390x as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.s390x"
},
"product_reference": "automation-controller-0:4.7.10-2.el9ap.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-0:4.7.10-2.el9ap.src as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.src"
},
"product_reference": "automation-controller-0:4.7.10-2.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-0:4.7.10-2.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.x86_64"
},
"product_reference": "automation-controller-0:4.7.10-2.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-cli-0:4.7.10-2.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-cli-0:4.7.10-2.el9ap.noarch"
},
"product_reference": "automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-server-0:4.7.10-2.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-server-0:4.7.10-2.el9ap.noarch"
},
"product_reference": "automation-controller-server-0:4.7.10-2.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-ui-0:4.7.10-2.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-ui-0:4.7.10-2.el9ap.noarch"
},
"product_reference": "automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64"
},
"product_reference": "automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le"
},
"product_reference": "automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x"
},
"product_reference": "automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64"
},
"product_reference": "automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-asgiref-0:3.11.1-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.noarch"
},
"product_reference": "python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-asgiref-0:3.11.1-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.src"
},
"product_reference": "python3.12-asgiref-0:3.11.1-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-django-0:5.2.12-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.noarch"
},
"product_reference": "python3.12-django-0:5.2.12-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-django-0:5.2.12-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.src"
},
"product_reference": "python3.12-django-0:5.2.12-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-0:1.6.4-1.el9ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.aarch64"
},
"product_reference": "receptor-0:1.6.4-1.el9ap.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-0:1.6.4-1.el9ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.ppc64le"
},
"product_reference": "receptor-0:1.6.4-1.el9ap.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-0:1.6.4-1.el9ap.s390x as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.s390x"
},
"product_reference": "receptor-0:1.6.4-1.el9ap.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-0:1.6.4-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.src"
},
"product_reference": "receptor-0:1.6.4-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-0:1.6.4-1.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.x86_64"
},
"product_reference": "receptor-0:1.6.4-1.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-debuginfo-0:1.6.4-1.el9ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64"
},
"product_reference": "receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le"
},
"product_reference": "receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-debuginfo-0:1.6.4-1.el9ap.s390x as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.s390x"
},
"product_reference": "receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-debuginfo-0:1.6.4-1.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64"
},
"product_reference": "receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-debugsource-0:1.6.4-1.el9ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.aarch64"
},
"product_reference": "receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-debugsource-0:1.6.4-1.el9ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le"
},
"product_reference": "receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-debugsource-0:1.6.4-1.el9ap.s390x as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.s390x"
},
"product_reference": "receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-debugsource-0:1.6.4-1.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.x86_64"
},
"product_reference": "receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptorctl-0:1.6.4-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptorctl-0:1.6.4-1.el9ap.noarch"
},
"product_reference": "receptorctl-0:1.6.4-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Developer-1.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-1:2.16.17-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.noarch"
},
"product_reference": "ansible-core-1:2.16.17-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Inside-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-1:2.16.17-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.src"
},
"product_reference": "ansible-core-1:2.16.17-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Inside-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-test-1:2.16.17-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-test-1:2.16.17-1.el9ap.noarch"
},
"product_reference": "ansible-test-1:2.16.17-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Inside-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-0:1.6.4-1.el9ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.aarch64"
},
"product_reference": "receptor-0:1.6.4-1.el9ap.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Inside-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-0:1.6.4-1.el9ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.ppc64le"
},
"product_reference": "receptor-0:1.6.4-1.el9ap.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Inside-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-0:1.6.4-1.el9ap.s390x as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.s390x"
},
"product_reference": "receptor-0:1.6.4-1.el9ap.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Inside-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-0:1.6.4-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.src"
},
"product_reference": "receptor-0:1.6.4-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Inside-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-0:1.6.4-1.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.x86_64"
},
"product_reference": "receptor-0:1.6.4-1.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Inside-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-debuginfo-0:1.6.4-1.el9ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64"
},
"product_reference": "receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Inside-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le"
},
"product_reference": "receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Inside-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-debuginfo-0:1.6.4-1.el9ap.s390x as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.s390x"
},
"product_reference": "receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Inside-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-debuginfo-0:1.6.4-1.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64"
},
"product_reference": "receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Inside-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-debugsource-0:1.6.4-1.el9ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.aarch64"
},
"product_reference": "receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Inside-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-debugsource-0:1.6.4-1.el9ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le"
},
"product_reference": "receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Inside-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-debugsource-0:1.6.4-1.el9ap.s390x as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.s390x"
},
"product_reference": "receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Inside-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-debugsource-0:1.6.4-1.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.x86_64"
},
"product_reference": "receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Inside-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptorctl-0:1.6.4-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptorctl-0:1.6.4-1.el9ap.noarch"
},
"product_reference": "receptorctl-0:1.6.4-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6-Inside-1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aap-metrics-utility-0:0.6.3-3.el9ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.aarch64"
},
"product_reference": "aap-metrics-utility-0:0.6.3-3.el9ap.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aap-metrics-utility-0:0.6.3-3.el9ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.ppc64le"
},
"product_reference": "aap-metrics-utility-0:0.6.3-3.el9ap.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aap-metrics-utility-0:0.6.3-3.el9ap.s390x as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.s390x"
},
"product_reference": "aap-metrics-utility-0:0.6.3-3.el9ap.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aap-metrics-utility-0:0.6.3-3.el9ap.src as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.src"
},
"product_reference": "aap-metrics-utility-0:0.6.3-3.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "aap-metrics-utility-0:0.6.3-3.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.x86_64"
},
"product_reference": "aap-metrics-utility-0:0.6.3-3.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-automation-platform-installer-0:2.6-6.1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.noarch"
},
"product_reference": "ansible-automation-platform-installer-0:2.6-6.1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-automation-platform-installer-0:2.6-6.1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.src"
},
"product_reference": "ansible-automation-platform-installer-0:2.6-6.1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-1:2.16.17-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.noarch"
},
"product_reference": "ansible-core-1:2.16.17-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-core-1:2.16.17-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.src"
},
"product_reference": "ansible-core-1:2.16.17-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-rulebook-0:1.2.2-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.noarch"
},
"product_reference": "ansible-rulebook-0:1.2.2-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-rulebook-0:1.2.2-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.src"
},
"product_reference": "ansible-rulebook-0:1.2.2-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ansible-test-1:2.16.17-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:ansible-test-1:2.16.17-1.el9ap.noarch"
},
"product_reference": "ansible-test-1:2.16.17-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-0:4.7.10-2.el9ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.aarch64"
},
"product_reference": "automation-controller-0:4.7.10-2.el9ap.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-0:4.7.10-2.el9ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.ppc64le"
},
"product_reference": "automation-controller-0:4.7.10-2.el9ap.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-0:4.7.10-2.el9ap.s390x as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.s390x"
},
"product_reference": "automation-controller-0:4.7.10-2.el9ap.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-0:4.7.10-2.el9ap.src as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.src"
},
"product_reference": "automation-controller-0:4.7.10-2.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-0:4.7.10-2.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.x86_64"
},
"product_reference": "automation-controller-0:4.7.10-2.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-cli-0:4.7.10-2.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-controller-cli-0:4.7.10-2.el9ap.noarch"
},
"product_reference": "automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-server-0:4.7.10-2.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-controller-server-0:4.7.10-2.el9ap.noarch"
},
"product_reference": "automation-controller-server-0:4.7.10-2.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-ui-0:4.7.10-2.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-controller-ui-0:4.7.10-2.el9ap.noarch"
},
"product_reference": "automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64"
},
"product_reference": "automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le"
},
"product_reference": "automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x"
},
"product_reference": "automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64"
},
"product_reference": "automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-eda-controller-0:1.2.7-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.noarch"
},
"product_reference": "automation-eda-controller-0:1.2.7-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-eda-controller-0:1.2.7-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.src"
},
"product_reference": "automation-eda-controller-0:1.2.7-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-eda-controller-base-0:1.2.7-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-0:1.2.7-1.el9ap.noarch"
},
"product_reference": "automation-eda-controller-base-0:1.2.7-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-eda-controller-base-services-0:1.2.7-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-services-0:1.2.7-1.el9ap.noarch"
},
"product_reference": "automation-eda-controller-base-services-0:1.2.7-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-eda-controller-event-stream-services-0:1.2.7-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-event-stream-services-0:1.2.7-1.el9ap.noarch"
},
"product_reference": "automation-eda-controller-event-stream-services-0:1.2.7-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-eda-controller-worker-services-0:1.2.7-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-worker-services-0:1.2.7-1.el9ap.noarch"
},
"product_reference": "automation-eda-controller-worker-services-0:1.2.7-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-gateway-0:2.6.20260325-2.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.noarch"
},
"product_reference": "automation-gateway-0:2.6.20260325-2.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-gateway-0:2.6.20260325-2.el9ap.src as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.src"
},
"product_reference": "automation-gateway-0:2.6.20260325-2.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-gateway-config-0:2.6.20260325-2.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-gateway-config-0:2.6.20260325-2.el9ap.noarch"
},
"product_reference": "automation-gateway-config-0:2.6.20260325-2.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-gateway-proxy-0:2.6.14-1.el9.aarch64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.aarch64"
},
"product_reference": "automation-gateway-proxy-0:2.6.14-1.el9.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-gateway-proxy-0:2.6.14-1.el9.ppc64le as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.ppc64le"
},
"product_reference": "automation-gateway-proxy-0:2.6.14-1.el9.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-gateway-proxy-0:2.6.14-1.el9.s390x as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.s390x"
},
"product_reference": "automation-gateway-proxy-0:2.6.14-1.el9.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-gateway-proxy-0:2.6.14-1.el9.src as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.src"
},
"product_reference": "automation-gateway-proxy-0:2.6.14-1.el9.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-gateway-proxy-0:2.6.14-1.el9.x86_64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.x86_64"
},
"product_reference": "automation-gateway-proxy-0:2.6.14-1.el9.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-gateway-proxy-debugsource-0:2.6.14-1.el9.aarch64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.aarch64"
},
"product_reference": "automation-gateway-proxy-debugsource-0:2.6.14-1.el9.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-gateway-proxy-debugsource-0:2.6.14-1.el9.ppc64le as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.ppc64le"
},
"product_reference": "automation-gateway-proxy-debugsource-0:2.6.14-1.el9.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-gateway-proxy-debugsource-0:2.6.14-1.el9.s390x as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.s390x"
},
"product_reference": "automation-gateway-proxy-debugsource-0:2.6.14-1.el9.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-gateway-proxy-debugsource-0:2.6.14-1.el9.x86_64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.x86_64"
},
"product_reference": "automation-gateway-proxy-debugsource-0:2.6.14-1.el9.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-gateway-proxy-server-0:2.6.14-1.el9.aarch64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.aarch64"
},
"product_reference": "automation-gateway-proxy-server-0:2.6.14-1.el9.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-gateway-proxy-server-0:2.6.14-1.el9.ppc64le as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.ppc64le"
},
"product_reference": "automation-gateway-proxy-server-0:2.6.14-1.el9.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-gateway-proxy-server-0:2.6.14-1.el9.s390x as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.s390x"
},
"product_reference": "automation-gateway-proxy-server-0:2.6.14-1.el9.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-gateway-proxy-server-0:2.6.14-1.el9.x86_64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.x86_64"
},
"product_reference": "automation-gateway-proxy-server-0:2.6.14-1.el9.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.aarch64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.aarch64"
},
"product_reference": "automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.ppc64le as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.ppc64le"
},
"product_reference": "automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.s390x as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.s390x"
},
"product_reference": "automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.x86_64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.x86_64"
},
"product_reference": "automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-gateway-server-0:2.6.20260325-2.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-gateway-server-0:2.6.20260325-2.el9ap.noarch"
},
"product_reference": "automation-gateway-server-0:2.6.20260325-2.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-hub-0:4.11.7-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.noarch"
},
"product_reference": "automation-hub-0:4.11.7-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-hub-0:4.11.7-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.src"
},
"product_reference": "automation-hub-0:4.11.7-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-platform-ui-0:2.6.7-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.noarch"
},
"product_reference": "automation-platform-ui-0:2.6.7-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "automation-platform-ui-0:2.6.7-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.src"
},
"product_reference": "automation-platform-ui-0:2.6.7-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-asgiref-0:3.11.1-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.noarch"
},
"product_reference": "python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-asgiref-0:3.11.1-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.src"
},
"product_reference": "python3.12-asgiref-0:3.11.1-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-channels+daphne-0:4.3.2-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-channels+daphne-0:4.3.2-1.el9ap.noarch"
},
"product_reference": "python3.12-channels+daphne-0:4.3.2-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-channels-0:4.3.2-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.noarch"
},
"product_reference": "python3.12-channels-0:4.3.2-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-channels-0:4.3.2-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.src"
},
"product_reference": "python3.12-channels-0:4.3.2-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-django-0:5.2.12-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.noarch"
},
"product_reference": "python3.12-django-0:5.2.12-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-django-0:5.2.12-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.src"
},
"product_reference": "python3.12-django-0:5.2.12-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-django-ansible-base+activitystream-0:2.6.20260325-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+activitystream-0:2.6.20260325-1.el9ap.noarch"
},
"product_reference": "python3.12-django-ansible-base+activitystream-0:2.6.20260325-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-django-ansible-base+api_documentation-0:2.6.20260325-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+api_documentation-0:2.6.20260325-1.el9ap.noarch"
},
"product_reference": "python3.12-django-ansible-base+api_documentation-0:2.6.20260325-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-django-ansible-base+authentication-0:2.6.20260325-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+authentication-0:2.6.20260325-1.el9ap.noarch"
},
"product_reference": "python3.12-django-ansible-base+authentication-0:2.6.20260325-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-django-ansible-base+channel_auth-0:2.6.20260325-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+channel_auth-0:2.6.20260325-1.el9ap.noarch"
},
"product_reference": "python3.12-django-ansible-base+channel_auth-0:2.6.20260325-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-django-ansible-base+feature_flags-0:2.6.20260325-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+feature_flags-0:2.6.20260325-1.el9ap.noarch"
},
"product_reference": "python3.12-django-ansible-base+feature_flags-0:2.6.20260325-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-django-ansible-base+jwt_consumer-0:2.6.20260325-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+jwt_consumer-0:2.6.20260325-1.el9ap.noarch"
},
"product_reference": "python3.12-django-ansible-base+jwt_consumer-0:2.6.20260325-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-django-ansible-base+oauth2_provider-0:2.6.20260325-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+oauth2_provider-0:2.6.20260325-1.el9ap.noarch"
},
"product_reference": "python3.12-django-ansible-base+oauth2_provider-0:2.6.20260325-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-django-ansible-base+rbac-0:2.6.20260325-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rbac-0:2.6.20260325-1.el9ap.noarch"
},
"product_reference": "python3.12-django-ansible-base+rbac-0:2.6.20260325-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-django-ansible-base+redis_client-0:2.6.20260325-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+redis_client-0:2.6.20260325-1.el9ap.noarch"
},
"product_reference": "python3.12-django-ansible-base+redis_client-0:2.6.20260325-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-django-ansible-base+resource_registry-0:2.6.20260325-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+resource_registry-0:2.6.20260325-1.el9ap.noarch"
},
"product_reference": "python3.12-django-ansible-base+resource_registry-0:2.6.20260325-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-django-ansible-base+rest_filters-0:2.6.20260325-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rest_filters-0:2.6.20260325-1.el9ap.noarch"
},
"product_reference": "python3.12-django-ansible-base+rest_filters-0:2.6.20260325-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.noarch"
},
"product_reference": "python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.src"
},
"product_reference": "python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-django-filter-0:25.2-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.noarch"
},
"product_reference": "python3.12-django-filter-0:25.2-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-django-filter-0:25.2-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.src"
},
"product_reference": "python3.12-django-filter-0:25.2-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-drf-spectacular-0:0.29.0-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.noarch"
},
"product_reference": "python3.12-drf-spectacular-0:0.29.0-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-drf-spectacular-0:0.29.0-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.src"
},
"product_reference": "python3.12-drf-spectacular-0:0.29.0-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-galaxy-ng-0:4.11.7-2.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.noarch"
},
"product_reference": "python3.12-galaxy-ng-0:4.11.7-2.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-galaxy-ng-0:4.11.7-2.el9ap.src as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.src"
},
"product_reference": "python3.12-galaxy-ng-0:4.11.7-2.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pillow-0:12.1.1-1.el9ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.aarch64"
},
"product_reference": "python3.12-pillow-0:12.1.1-1.el9ap.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pillow-0:12.1.1-1.el9ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.ppc64le"
},
"product_reference": "python3.12-pillow-0:12.1.1-1.el9ap.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pillow-0:12.1.1-1.el9ap.s390x as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.s390x"
},
"product_reference": "python3.12-pillow-0:12.1.1-1.el9ap.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pillow-0:12.1.1-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.src"
},
"product_reference": "python3.12-pillow-0:12.1.1-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pillow-0:12.1.1-1.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.x86_64"
},
"product_reference": "python3.12-pillow-0:12.1.1-1.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.aarch64"
},
"product_reference": "python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.ppc64le"
},
"product_reference": "python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.s390x as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.s390x"
},
"product_reference": "python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.x86_64"
},
"product_reference": "python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pillow-debugsource-0:12.1.1-1.el9ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.aarch64"
},
"product_reference": "python3.12-pillow-debugsource-0:12.1.1-1.el9ap.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pillow-debugsource-0:12.1.1-1.el9ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.ppc64le"
},
"product_reference": "python3.12-pillow-debugsource-0:12.1.1-1.el9ap.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pillow-debugsource-0:12.1.1-1.el9ap.s390x as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.s390x"
},
"product_reference": "python3.12-pillow-debugsource-0:12.1.1-1.el9ap.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pillow-debugsource-0:12.1.1-1.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.x86_64"
},
"product_reference": "python3.12-pillow-debugsource-0:12.1.1-1.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pulp-ansible-1:0.25.4-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.noarch"
},
"product_reference": "python3.12-pulp-ansible-1:0.25.4-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pulp-ansible-1:0.25.4-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.src"
},
"product_reference": "python3.12-pulp-ansible-1:0.25.4-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pulp-container-0:2.19.8-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.noarch"
},
"product_reference": "python3.12-pulp-container-0:2.19.8-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pulp-container-0:2.19.8-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.src"
},
"product_reference": "python3.12-pulp-container-0:2.19.8-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pulpcore-0:3.49.54-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.noarch"
},
"product_reference": "python3.12-pulpcore-0:3.49.54-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3.12-pulpcore-0:3.49.54-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.src"
},
"product_reference": "python3.12-pulpcore-0:3.49.54-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-0:1.6.4-1.el9ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.aarch64"
},
"product_reference": "receptor-0:1.6.4-1.el9ap.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-0:1.6.4-1.el9ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.ppc64le"
},
"product_reference": "receptor-0:1.6.4-1.el9ap.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-0:1.6.4-1.el9ap.s390x as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.s390x"
},
"product_reference": "receptor-0:1.6.4-1.el9ap.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-0:1.6.4-1.el9ap.src as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.src"
},
"product_reference": "receptor-0:1.6.4-1.el9ap.src",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-0:1.6.4-1.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.x86_64"
},
"product_reference": "receptor-0:1.6.4-1.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-debuginfo-0:1.6.4-1.el9ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64"
},
"product_reference": "receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le"
},
"product_reference": "receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-debuginfo-0:1.6.4-1.el9ap.s390x as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.s390x"
},
"product_reference": "receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-debuginfo-0:1.6.4-1.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64"
},
"product_reference": "receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-debugsource-0:1.6.4-1.el9ap.aarch64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.aarch64"
},
"product_reference": "receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-debugsource-0:1.6.4-1.el9ap.ppc64le as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le"
},
"product_reference": "receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-debugsource-0:1.6.4-1.el9ap.s390x as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.s390x"
},
"product_reference": "receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptor-debugsource-0:1.6.4-1.el9ap.x86_64 as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.x86_64"
},
"product_reference": "receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "receptorctl-0:1.6.4-1.el9ap.noarch as a component of Red Hat Ansible Automation Platform 2.6 for RHEL 9",
"product_id": "9Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-1.el9ap.noarch"
},
"product_reference": "receptorctl-0:1.6.4-1.el9ap.noarch",
"relates_to_product_reference": "9Base-Ansible-Automation-Platform-2.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-2.el10ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-event-stream-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-worker-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-config-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-server-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels+daphne-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+activitystream-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+api_documentation-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+authentication-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+channel_auth-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+feature_flags-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+jwt_consumer-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+oauth2_provider-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rbac-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+redis_client-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+resource_registry-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rest_filters-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-1.el9ap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.x86_64"
],
"known_not_affected": [
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-2.el10ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-event-stream-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-worker-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-config-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-server-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels+daphne-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+activitystream-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+api_documentation-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+authentication-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+channel_auth-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+feature_flags-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+jwt_consumer-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+oauth2_provider-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rbac-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+redis_client-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+resource_registry-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rest_filters-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-1.el9ap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T16:12:45+00:00",
"details": "For details on how to apply this update, refer to Ansible Automation Platform documentation.",
"product_ids": [
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6277"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-2.el10ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-event-stream-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-worker-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-config-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-server-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels+daphne-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+activitystream-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+api_documentation-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+authentication-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+channel_auth-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+feature_flags-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+jwt_consumer-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+oauth2_provider-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rbac-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+redis_client-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+resource_registry-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rest_filters-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-1.el9ap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-2.el10ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-event-stream-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-worker-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-config-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-server-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels+daphne-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+activitystream-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+api_documentation-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+authentication-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+channel_auth-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+feature_flags-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+jwt_consumer-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+oauth2_provider-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rbac-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+redis_client-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+resource_registry-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rest_filters-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-1.el9ap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-2.el10ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-event-stream-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-worker-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-config-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-server-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels+daphne-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+activitystream-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+api_documentation-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+authentication-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+channel_auth-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+feature_flags-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+jwt_consumer-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+oauth2_provider-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rbac-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+redis_client-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+resource_registry-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rest_filters-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-1.el9ap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: Unexpected session resumption in crypto/tls",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.x86_64"
],
"known_not_affected": [
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-2.el10ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-event-stream-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-worker-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-config-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-server-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels+daphne-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+activitystream-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+api_documentation-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+authentication-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+channel_auth-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+feature_flags-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+jwt_consumer-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+oauth2_provider-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rbac-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+redis_client-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+resource_registry-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rest_filters-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-1.el9ap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T16:12:45+00:00",
"details": "For details on how to apply this update, refer to Ansible Automation Platform documentation.",
"product_ids": [
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6277"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-2.el10ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-event-stream-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-worker-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-config-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-server-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels+daphne-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+activitystream-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+api_documentation-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+authentication-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+channel_auth-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+feature_flags-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+jwt_consumer-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+oauth2_provider-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rbac-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+redis_client-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+resource_registry-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rest_filters-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-1.el9ap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: Unexpected session resumption in crypto/tls"
},
{
"cve": "CVE-2025-69873",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-11T19:01:32.953264+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-2.el10ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-event-stream-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-worker-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-config-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-server-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels+daphne-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+activitystream-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+api_documentation-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+authentication-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+channel_auth-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+feature_flags-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+jwt_consumer-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+oauth2_provider-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rbac-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+redis_client-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+resource_registry-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rest_filters-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-1.el9ap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ajv: ReDoS via $data reference",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, the $data option must be enabled and the attacker needs to be able to send a payload with a specially crafted regular expression to the application processing the input. A 31-character payload causes approximately 44 seconds of execution, with each additional character doubling the execution time. Therefore, even a small payload can cause an application to become unresponsive and eventually result in a denial of service. Due to this reason, this flaw has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.src"
],
"known_not_affected": [
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-2.el10ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-event-stream-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-worker-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-config-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-server-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels+daphne-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+activitystream-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+api_documentation-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+authentication-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+channel_auth-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+feature_flags-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+jwt_consumer-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+oauth2_provider-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rbac-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+redis_client-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+resource_registry-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rest_filters-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-1.el9ap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"category": "external",
"summary": "RHBZ#2439070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873"
},
{
"category": "external",
"summary": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md",
"url": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md"
}
],
"release_date": "2026-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T16:12:45+00:00",
"details": "For details on how to apply this update, refer to Ansible Automation Platform documentation.",
"product_ids": [
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6277"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable the $data feature if your application does not require it. If $data must be used, implement strict validation of the input fields that are referenced by the pattern keyword to ensure they contain only expected and safe characters.",
"product_ids": [
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-2.el10ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-event-stream-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-worker-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-config-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-server-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels+daphne-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+activitystream-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+api_documentation-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+authentication-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+channel_auth-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+feature_flags-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+jwt_consumer-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+oauth2_provider-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rbac-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+redis_client-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+resource_registry-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rest_filters-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-1.el9ap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-2.el10ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-event-stream-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-worker-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-config-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-server-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels+daphne-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+activitystream-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+api_documentation-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+authentication-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+channel_auth-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+feature_flags-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+jwt_consumer-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+oauth2_provider-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rbac-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+redis_client-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+resource_registry-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rest_filters-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-1.el9ap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ajv: ReDoS via $data reference"
},
{
"cve": "CVE-2026-25639",
"cwe": {
"id": "CWE-1287",
"name": "Improper Validation of Specified Type of Input"
},
"discovery_date": "2026-02-09T21:00:49.280114+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-2.el10ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-event-stream-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-worker-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-config-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-server-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels+daphne-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+activitystream-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+api_documentation-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+authentication-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+channel_auth-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+feature_flags-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+jwt_consumer-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+oauth2_provider-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rbac-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+redis_client-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+resource_registry-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rest_filters-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-1.el9ap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2438237"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in the Axios npm package. the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious configuration object created via JSON.parse(), causing complete denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.src"
],
"known_not_affected": [
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-2.el10ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-event-stream-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-worker-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-config-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-server-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels+daphne-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+activitystream-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+api_documentation-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+authentication-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+channel_auth-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+feature_flags-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+jwt_consumer-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+oauth2_provider-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rbac-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+redis_client-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+resource_registry-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rest_filters-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-1.el9ap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25639"
},
{
"category": "external",
"summary": "RHBZ#2438237",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2438237"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25639"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57",
"url": "https://github.com/axios/axios/commit/28c721588c7a77e7503d0a434e016f852c597b57"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.13.5",
"url": "https://github.com/axios/axios/releases/tag/v1.13.5"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433",
"url": "https://github.com/axios/axios/security/advisories/GHSA-43fc-jf86-j433"
}
],
"release_date": "2026-02-09T20:11:22.374000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T16:12:45+00:00",
"details": "For details on how to apply this update, refer to Ansible Automation Platform documentation.",
"product_ids": [
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6277"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-2.el10ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-event-stream-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-worker-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-config-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-server-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels+daphne-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+activitystream-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+api_documentation-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+authentication-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+channel_auth-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+feature_flags-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+jwt_consumer-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+oauth2_provider-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rbac-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+redis_client-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+resource_registry-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rest_filters-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-1.el9ap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-2.el10ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-event-stream-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-worker-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-config-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-server-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels+daphne-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+activitystream-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+api_documentation-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+authentication-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+channel_auth-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+feature_flags-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+jwt_consumer-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+oauth2_provider-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rbac-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+redis_client-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+resource_registry-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rest_filters-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-1.el9ap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios affected by Denial of Service via __proto__ Key in mergeConfig"
},
{
"cve": "CVE-2026-25990",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2026-02-11T21:05:39.535631+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-2.el10ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-event-stream-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-worker-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-config-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-server-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels+daphne-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+activitystream-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+api_documentation-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+authentication-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+channel_auth-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+feature_flags-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+jwt_consumer-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+oauth2_provider-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rbac-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+redis_client-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+resource_registry-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rest_filters-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-1.el9ap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439170"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found the Pillow Python imaging library. Providing a specially crafted PSD image may lead to an out-of-bounds write. This could potentially allow for arbitrary code execution or information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.x86_64"
],
"known_not_affected": [
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-2.el10ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-event-stream-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-worker-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-config-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-server-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels+daphne-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+activitystream-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+api_documentation-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+authentication-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+channel_auth-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+feature_flags-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+jwt_consumer-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+oauth2_provider-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rbac-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+redis_client-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+resource_registry-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rest_filters-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-1.el9ap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-25990"
},
{
"category": "external",
"summary": "RHBZ#2439170",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439170"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-25990",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25990"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa",
"url": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa"
},
{
"category": "external",
"summary": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc"
}
],
"release_date": "2026-02-11T20:53:52.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T16:12:45+00:00",
"details": "For details on how to apply this update, refer to Ansible Automation Platform documentation.",
"product_ids": [
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6277"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-2.el10ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-event-stream-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-worker-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-config-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-server-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels+daphne-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+activitystream-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+api_documentation-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+authentication-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+channel_auth-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+feature_flags-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+jwt_consumer-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+oauth2_provider-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rbac-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+redis_client-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+resource_registry-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rest_filters-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-1.el9ap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-2.el10ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-event-stream-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-worker-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-config-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-server-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels+daphne-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+activitystream-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+api_documentation-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+authentication-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+channel_auth-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+feature_flags-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+jwt_consumer-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+oauth2_provider-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rbac-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+redis_client-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+resource_registry-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rest_filters-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-1.el9ap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "pillow: Pillow: Out-of-bounds Write via Specially Crafted PSD Image"
},
{
"cve": "CVE-2026-27904",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-26T02:01:23.004531+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-2.el10ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-event-stream-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-worker-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-config-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-server-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels+daphne-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+activitystream-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+api_documentation-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+authentication-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+channel_auth-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+feature_flags-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+jwt_consumer-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+oauth2_provider-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rbac-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+redis_client-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+resource_registry-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rest_filters-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-1.el9ap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2442922"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in minimatch. A remote attacker could exploit this vulnerability by providing a specially crafted glob expression with nested unbounded quantifiers. This could lead to catastrophic backtracking in the V8 JavaScript engine, causing the application to become unresponsive and resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Exploitation of this flaw requires that a user or service processes untrusted input.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.src"
],
"known_not_affected": [
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-2.el10ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-event-stream-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-worker-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-config-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-server-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels+daphne-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+activitystream-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+api_documentation-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+authentication-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+channel_auth-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+feature_flags-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+jwt_consumer-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+oauth2_provider-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rbac-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+redis_client-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+resource_registry-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rest_filters-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-1.el9ap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27904"
},
{
"category": "external",
"summary": "RHBZ#2442922",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442922"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27904"
},
{
"category": "external",
"summary": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74",
"url": "https://github.com/isaacs/minimatch/security/advisories/GHSA-23c5-xmqv-rm74"
}
],
"release_date": "2026-02-26T01:07:42.693000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T16:12:45+00:00",
"details": "For details on how to apply this update, refer to Ansible Automation Platform documentation.",
"product_ids": [
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6277"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-2.el10ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-event-stream-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-worker-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-config-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-server-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels+daphne-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+activitystream-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+api_documentation-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+authentication-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+channel_auth-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+feature_flags-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+jwt_consumer-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+oauth2_provider-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rbac-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+redis_client-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+resource_registry-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rest_filters-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-1.el9ap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions"
},
{
"cve": "CVE-2026-29074",
"cwe": {
"id": "CWE-776",
"name": "Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)"
},
"discovery_date": "2026-03-06T08:01:07.142613+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-2.el10ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-event-stream-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-worker-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-config-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-server-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels+daphne-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+activitystream-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+api_documentation-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+authentication-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+channel_auth-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+feature_flags-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+jwt_consumer-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+oauth2_provider-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rbac-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+redis_client-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+resource_registry-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rest_filters-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-1.el9ap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2445132"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in SVGO, an SVG (Scalable Vector Graphics) Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by submitting a specially crafted XML file. The application\u0027s failure to properly guard against XML entity expansion or recursion can lead to the Node.js process consuming excessive memory and crashing.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "svgo: SVGO: Denial of Service via XML entity expansion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.src"
],
"known_not_affected": [
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-2.el10ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-event-stream-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-worker-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-config-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-server-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels+daphne-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+activitystream-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+api_documentation-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+authentication-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+channel_auth-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+feature_flags-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+jwt_consumer-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+oauth2_provider-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rbac-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+redis_client-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+resource_registry-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rest_filters-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-1.el9ap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-29074"
},
{
"category": "external",
"summary": "RHBZ#2445132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2445132"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-29074",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29074"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-29074"
},
{
"category": "external",
"summary": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673",
"url": "https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673"
}
],
"release_date": "2026-03-06T07:23:05.716000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-03-31T16:12:45+00:00",
"details": "For details on how to apply this update, refer to Ansible Automation Platform documentation.",
"product_ids": [
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:6277"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-2.el10ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-event-stream-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-worker-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-config-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-server-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels+daphne-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+activitystream-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+api_documentation-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+authentication-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+channel_auth-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+feature_flags-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+jwt_consumer-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+oauth2_provider-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rbac-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+redis_client-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+resource_registry-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rest_filters-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-1.el9ap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:ansible-core-2:2.16.17-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-asgiref-0:3.11.1-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python-django-0:5.2.12-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:python3-asgiref-0:3.11.1-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:python3-django-0:5.2.12-2.el10ap.noarch",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.src",
"10Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.aarch64",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.ppc64le",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.s390x",
"10Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-2.el10ap.x86_64",
"10Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-2.el10ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Developer-1.3:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6-Inside-1.4:receptorctl-0:1.6.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:aap-metrics-utility-0:0.6.3-3.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-automation-platform-installer-0:2.6-6.1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-core-1:2.16.17-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:ansible-rulebook-0:1.2.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:ansible-test-1:2.16.17-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-cli-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-server-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-ui-0:4.7.10-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-controller-venv-tower-0:4.7.10-2.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-0:1.2.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-base-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-event-stream-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-eda-controller-worker-services-0:1.2.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-0:2.6.20260325-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-config-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.src",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-debugsource-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.aarch64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.s390x",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-proxy-server-debuginfo-0:2.6.14-1.el9.x86_64",
"9Base-Ansible-Automation-Platform-2.6:automation-gateway-server-0:2.6.20260325-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-hub-0:4.11.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:automation-platform-ui-0:2.6.7-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-asgiref-0:3.11.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels+daphne-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-channels-0:4.3.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-0:5.2.12-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+activitystream-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+api_documentation-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+authentication-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+channel_auth-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+feature_flags-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+jwt_consumer-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+oauth2_provider-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rbac-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+redis_client-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+resource_registry-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base+rest_filters-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-ansible-base-0:2.6.20260325-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-django-filter-0:25.2-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-drf-spectacular-0:0.29.0-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-galaxy-ng-0:4.11.7-2.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debuginfo-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pillow-debugsource-0:12.1.1-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-ansible-1:0.25.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulp-container-0:2.19.8-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.noarch",
"9Base-Ansible-Automation-Platform-2.6:python3.12-pulpcore-0:3.49.54-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.src",
"9Base-Ansible-Automation-Platform-2.6:receptor-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debuginfo-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.aarch64",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.ppc64le",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.s390x",
"9Base-Ansible-Automation-Platform-2.6:receptor-debugsource-0:1.6.4-1.el9ap.x86_64",
"9Base-Ansible-Automation-Platform-2.6:receptorctl-0:1.6.4-1.el9ap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "svgo: SVGO: Denial of Service via XML entity expansion"
}
]
}
FKIE_CVE-2026-25990
Vulnerability from fkie_nvd - Published: 2026-02-11 21:16 - Updated: 2026-02-13 21:32
Severity ?
Summary
Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa | Patch | |
| security-advisories@github.com | https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2026/02/12/1 | Mailing List, Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:python:pillow:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1EECB9F0-00C4-414F-9066-02BAF05067C4",
"versionEndExcluding": "12.1.1",
"versionStartIncluding": "10.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1."
},
{
"lang": "es",
"value": "Pillow es una librer\u00eda de procesamiento de im\u00e1genes de Python. Desde la versi\u00f3n 10.3.0 hasta antes de la 12.1.1, una escritura fuera de l\u00edmites puede ser activada al cargar una imagen PSD especialmente manipulada. Esta vulnerabilidad est\u00e1 corregida en la versi\u00f3n 12.1.1."
}
],
"id": "CVE-2026-25990",
"lastModified": "2026-02-13T21:32:55.623",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.9,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "PROOF_OF_CONCEPT",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-02-11T21:16:20.670",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Patch"
],
"url": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa"
},
{
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2026/02/12/1"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
GHSA-CFH3-3JMP-RVHC
Vulnerability from github – Published: 2026-02-11 14:22 – Updated: 2026-02-11 23:14
VLAI?
Summary
Pillow affected by out-of-bounds write when loading PSD images
Details
Impact
An out-of-bounds write may be triggered when loading a specially crafted PSD image. Pillow >= 10.3.0 users are affected.
Patches
Pillow 12.1.1 will be released shortly with a fix for this.
Workarounds
Image.open() has a formats parameter that can be used to prevent PSD images from being opened.
References
Pillow 12.1.1 will add release notes at https://pillow.readthedocs.io/en/stable/releasenotes/index.html
Severity ?
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "pillow"
},
"ranges": [
{
"events": [
{
"introduced": "10.3.0"
},
{
"fixed": "12.1.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-25990"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-11T14:22:50Z",
"nvd_published_at": "2026-02-11T21:16:20Z",
"severity": "HIGH"
},
"details": "### Impact\nAn out-of-bounds write may be triggered when loading a specially crafted PSD image. Pillow \u003e= 10.3.0 users are affected.\n\n### Patches\nPillow 12.1.1 will be released shortly with a fix for this.\n\n### Workarounds\n`Image.open()` has a `formats` parameter that can be used to prevent PSD images from being opened.\n\n### References\nPillow 12.1.1 will add release notes at https://pillow.readthedocs.io/en/stable/releasenotes/index.html",
"id": "GHSA-cfh3-3jmp-rvhc",
"modified": "2026-02-11T23:14:48Z",
"published": "2026-02-11T14:22:50Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990"
},
{
"type": "WEB",
"url": "https://github.com/python-pillow/Pillow/pull/9427"
},
{
"type": "WEB",
"url": "https://github.com/python-pillow/Pillow/commit/54ba4db542ad3c7b918812a4e2d69c27735a3199"
},
{
"type": "WEB",
"url": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa"
},
{
"type": "PACKAGE",
"url": "https://github.com/python-pillow/Pillow"
},
{
"type": "WEB",
"url": "https://pillow.readthedocs.io/en/stable/releasenotes/12.1.1.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "Pillow affected by out-of-bounds write when loading PSD images"
}
bit-pillow-2026-25990
Vulnerability from bitnami_vulndb
Published
2026-02-16 16:02
Modified
2026-02-16 16:32
Summary
Pillow has an out-of-bounds write when loading PSD images
Details
Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "pillow",
"purl": "pkg:bitnami/pillow"
},
"ranges": [
{
"events": [
{
"introduced": "10.3.0"
},
{
"fixed": "12.1.1"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
],
"aliases": [
"CVE-2026-25990"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:python:pillow:*:*:*:*:*:python:*:*"
],
"severity": "High"
},
"details": "Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, n out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1.",
"id": "BIT-pillow-2026-25990",
"modified": "2026-02-16T16:32:40.318Z",
"published": "2026-02-16T16:02:06.871Z",
"references": [
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2026/02/12/1"
},
{
"type": "WEB",
"url": "https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa"
},
{
"type": "WEB",
"url": "https://github.com/python-pillow/Pillow/security/advisories/GHSA-cfh3-3jmp-rvhc"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25990"
}
],
"schema_version": "1.6.2",
"summary": "Pillow has an out-of-bounds write when loading PSD images"
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…