CVE-2025-22150 (GCVE-0-2025-22150)
Vulnerability from cvelistv5
- CWE-330 - Use of Insufficiently Random Values
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-22150", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-21T18:34:22.789606Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-02-12T20:41:22.041Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "undici", "vendor": "nodejs", "versions": [ { "status": "affected", "version": "\u003e= 4.5.0, \u003c 5.28.5" }, { "status": "affected", "version": "\u003e= 6.0.0, \u003c 6.21.1" }, { "status": "affected", "version": "\u003e= 7.0.0, \u003c 7.2.3" } ] } ], "descriptions": [ { "lang": "en", "value": "Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met. This is fixed in versions 5.28.5, 6.21.1, and 7.2.3. As a workaround, do not issue multipart requests to attacker controlled servers." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-330", "description": "CWE-330: Use of Insufficiently Random Values", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-21T17:46:58.872Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975" }, { "name": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0" }, { "name": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a" }, { "name": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385" }, { "name": "https://hackerone.com/reports/2913312", "tags": [ "x_refsource_MISC" ], "url": "https://hackerone.com/reports/2913312" }, { "name": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f", "tags": [ "x_refsource_MISC" ], "url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f" }, { "name": 
"https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113" } ], "source": { "advisory": "GHSA-c76h-2ccp-4975", "discovery": "UNKNOWN" }, "title": "Undici Uses Insufficiently Random Values" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2025-22150", "datePublished": "2025-01-21T17:46:58.872Z", "dateReserved": "2024-12-30T03:00:33.654Z", "dateUpdated": "2025-02-12T20:41:22.041Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2025-22150\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-01-21T18:15:14.887\",\"lastModified\":\"2025-01-21T18:15:14.887\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met. This is fixed in versions 5.28.5, 6.21.1, and 7.2.3. 
As a workaround, do not issue multipart requests to attacker controlled servers.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-330\"}]}],\"references\":[{\"url\":\"https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://hackerone.com/reports/2913312\",\"source\":\"security-advisories@github.com\"}]}}", "vulnrichment": { "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-22150\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": 
\"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-21T18:34:22.789606Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-12T20:33:10.324Z\"}}], \"cna\": {\"title\": \"Undici Uses Insufficiently Random Values\", \"source\": {\"advisory\": \"GHSA-c76h-2ccp-4975\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"nodejs\", \"product\": \"undici\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 4.5.0, \u003c 5.28.5\"}, {\"status\": \"affected\", \"version\": \"\u003e= 6.0.0, \u003c 6.21.1\"}, {\"status\": \"affected\", \"version\": \"\u003e= 7.0.0, \u003c 7.2.3\"}]}], \"references\": [{\"url\": \"https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975\", \"name\": \"https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0\", \"name\": \"https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a\", \"name\": \"https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385\", \"name\": 
\"https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://hackerone.com/reports/2913312\", \"name\": \"https://hackerone.com/reports/2913312\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f\", \"name\": \"https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113\", \"name\": \"https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met. This is fixed in versions 5.28.5, 6.21.1, and 7.2.3. 
As a workaround, do not issue multipart requests to attacker controlled servers.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-330\", \"description\": \"CWE-330: Use of Insufficiently Random Values\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-01-21T17:46:58.872Z\"}}}", "cveMetadata": "{\"cveId\": \"CVE-2025-22150\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-12T20:41:22.041Z\", \"dateReserved\": \"2024-12-30T03:00:33.654Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-01-21T17:46:58.872Z\", \"assignerShortName\": \"GitHub_M\"}", "dataType": "CVE_RECORD", "dataVersion": "5.1" } } }
rhsa-2025:1611
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)\n\n* nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)\n\n* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2025:1611", "url": "https://access.redhat.com/errata/RHSA-2025:1611" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2339176", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176" }, { "category": "external", "summary": "2339392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392" }, { "category": "external", "summary": "2342618", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1611.json" } ], "title": "Red Hat Security Advisory: nodejs:22 security update", "tracking": { "current_release_date": "2025-10-03T21:08:20+00:00", "generator": { "date": "2025-10-03T21:08:20+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.9" } }, "id": "RHSA-2025:1611", "initial_release_date": "2025-02-17T18:04:26+00:00", "revision_history": [ { "date": "2025-02-17T18:04:26+00:00", "number": "1", "summary": "Initial version" }, { "date": "2025-02-17T18:04:26+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-10-03T21:08:20+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise 
Linux AppStream (v. 8)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22", "product": { "name": "nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.src.rpm (nodejs:22)", "product_id": "nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=src\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } }, { "category": "product_version", "name": "nodejs-nodemon-3.0.1-1.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22", "product": { "name": "nodejs-nodemon-3.0.1-1.module+el8.10.0+22759+46b58560.src.rpm (nodejs:22)", "product_id": "nodejs-nodemon-3.0.1-1.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=src\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } }, { "category": "product_version", "name": "nodejs-packaging-2021.06-4.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22", "product": { "name": "nodejs-packaging-2021.06-4.module+el8.10.0+22759+46b58560.src.rpm (nodejs:22)", "product_id": "nodejs-packaging-2021.06-4.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.10.0%2B22759%2B46b58560?arch=src\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "nodejs-docs-22.13.1-1.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "product": { "name": 
"nodejs-docs-22.13.1-1.module+el8.10.0+22759+46b58560.noarch.rpm (nodejs:22)", "product_id": "nodejs-docs-22.13.1-1.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-docs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } }, { "category": "product_version", "name": "nodejs-nodemon-3.0.1-1.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "product": { "name": "nodejs-nodemon-3.0.1-1.module+el8.10.0+22759+46b58560.noarch.rpm (nodejs:22)", "product_id": "nodejs-nodemon-3.0.1-1.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=noarch\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } }, { "category": "product_version", "name": "nodejs-packaging-2021.06-4.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "product": { "name": "nodejs-packaging-2021.06-4.module+el8.10.0+22759+46b58560.noarch.rpm (nodejs:22)", "product_id": "nodejs-packaging-2021.06-4.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.10.0%2B22759%2B46b58560?arch=noarch\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } }, { "category": "product_version", "name": "nodejs-packaging-bundler-2021.06-4.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "product": { "name": "nodejs-packaging-bundler-2021.06-4.module+el8.10.0+22759+46b58560.noarch.rpm (nodejs:22)", "product_id": "nodejs-packaging-bundler-2021.06-4.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel8.10.0%2B22759%2B46b58560?arch=noarch\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } } ], "category": "architecture", "name": "noarch" }, { 
"branches": [ { "category": "product_version", "name": "nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "product": { "name": "nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm (nodejs:22)", "product_id": "nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } }, { "category": "product_version", "name": "nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "product": { "name": "nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm (nodejs:22)", "product_id": "nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } }, { "category": "product_version", "name": "nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "product": { "name": "nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm (nodejs:22)", "product_id": "nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } }, { "category": "product_version", "name": "nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "product": { "name": "nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm (nodejs:22)", "product_id": "nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/nodejs-devel@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } }, { "category": "product_version", "name": "nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "product": { "name": "nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm (nodejs:22)", "product_id": "nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } }, { "category": "product_version", "name": "nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "product": { "name": "nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm (nodejs:22)", "product_id": "nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-libs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } }, { "category": "product_version", "name": "nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "product": { "name": "nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm (nodejs:22)", "product_id": "nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } }, { "category": "product_version", "name": "npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "product": { "name": "npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64.rpm (nodejs:22)", 
"product_id": "npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@10.9.2-1.22.13.1.1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } }, { "category": "product_version", "name": "v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "product": { "name": "v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64.rpm (nodejs:22)", "product_id": "v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.13.1.1.module%2Bel8.10.0%2B22759%2B46b58560?arch=aarch64\u0026epoch=3\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "product": { "name": "nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm (nodejs:22)", "product_id": "nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } }, { "category": "product_version", "name": "nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "product": { "name": "nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm (nodejs:22)", "product_id": "nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } }, { "category": 
"product_version", "name": "nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "product": { "name": "nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm (nodejs:22)", "product_id": "nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } }, { "category": "product_version", "name": "nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "product": { "name": "nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm (nodejs:22)", "product_id": "nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } }, { "category": "product_version", "name": "nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "product": { "name": "nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm (nodejs:22)", "product_id": "nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } }, { "category": "product_version", "name": "nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "product": { "name": "nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm (nodejs:22)", "product_id": "nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/nodejs-libs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } }, { "category": "product_version", "name": "nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "product": { "name": "nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm (nodejs:22)", "product_id": "nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } }, { "category": "product_version", "name": "npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "product": { "name": "npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le.rpm (nodejs:22)", "product_id": "npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@10.9.2-1.22.13.1.1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } }, { "category": "product_version", "name": "v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "product": { "name": "v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le.rpm (nodejs:22)", "product_id": "v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.13.1.1.module%2Bel8.10.0%2B22759%2B46b58560?arch=ppc64le\u0026epoch=3\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", 
"product": { "name": "nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm (nodejs:22)", "product_id": "nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } }, { "category": "product_version", "name": "nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "product": { "name": "nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm (nodejs:22)", "product_id": "nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } }, { "category": "product_version", "name": "nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "product": { "name": "nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm (nodejs:22)", "product_id": "nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } }, { "category": "product_version", "name": "nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "product": { "name": "nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm (nodejs:22)", "product_id": "nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } }, { "category": "product_version", "name": 
"nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "product": { "name": "nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm (nodejs:22)", "product_id": "nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } }, { "category": "product_version", "name": "nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "product": { "name": "nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm (nodejs:22)", "product_id": "nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-libs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } }, { "category": "product_version", "name": "nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "product": { "name": "nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm (nodejs:22)", "product_id": "nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } }, { "category": "product_version", "name": "npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "product": { "name": "npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x.rpm (nodejs:22)", "product_id": "npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/npm@10.9.2-1.22.13.1.1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } }, { "category": "product_version", "name": "v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "product": { "name": "v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x.rpm (nodejs:22)", "product_id": "v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.13.1.1.module%2Bel8.10.0%2B22759%2B46b58560?arch=s390x\u0026epoch=3\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "product": { "name": "nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm (nodejs:22)", "product_id": "nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } }, { "category": "product_version", "name": "nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "product": { "name": "nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm (nodejs:22)", "product_id": "nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } }, { "category": "product_version", "name": "nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "product": { "name": 
"nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm (nodejs:22)", "product_id": "nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } }, { "category": "product_version", "name": "nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "product": { "name": "nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm (nodejs:22)", "product_id": "nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } }, { "category": "product_version", "name": "nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "product": { "name": "nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm (nodejs:22)", "product_id": "nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } }, { "category": "product_version", "name": "nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "product": { "name": "nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm (nodejs:22)", "product_id": "nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-libs@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } }, { "category": "product_version", "name": 
"nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "product": { "name": "nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm (nodejs:22)", "product_id": "nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.13.1-1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } }, { "category": "product_version", "name": "npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "product": { "name": "npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64.rpm (nodejs:22)", "product_id": "npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@10.9.2-1.22.13.1.1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } }, { "category": "product_version", "name": "v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "product": { "name": "v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64.rpm (nodejs:22)", "product_id": "v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.13.1.1.module%2Bel8.10.0%2B22759%2B46b58560?arch=x86_64\u0026epoch=3\u0026rpmmod=nodejs:22:8100020250130144944:6d880403" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22" }, "product_reference": "nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22" }, "product_reference": "nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22" }, "product_reference": "nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.src.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22" }, "product_reference": "nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22" }, "product_reference": "nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22" }, "product_reference": "nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22" }, "product_reference": "nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22" }, "product_reference": "nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22" }, "product_reference": "nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22" }, "product_reference": "nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22" }, "product_reference": "nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22" }, "product_reference": "nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22" }, "product_reference": "nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22" }, "product_reference": "nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22" }, "product_reference": "nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22" }, "product_reference": "nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22" }, "product_reference": "nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-docs-22.13.1-1.module+el8.10.0+22759+46b58560.noarch.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-22.13.1-1.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22" }, "product_reference": "nodejs-docs-22.13.1-1.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22" }, "product_reference": "nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22" }, "product_reference": "nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22" }, "product_reference": "nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22" }, "product_reference": "nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22" }, "product_reference": "nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22" }, "product_reference": "nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22" }, "product_reference": "nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22" }, "product_reference": "nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22" }, "product_reference": "nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22" }, "product_reference": "nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22" }, "product_reference": "nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22" }, "product_reference": "nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-3.0.1-1.module+el8.10.0+22759+46b58560.noarch.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22" }, "product_reference": "nodejs-nodemon-3.0.1-1.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-3.0.1-1.module+el8.10.0+22759+46b58560.src.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22" }, "product_reference": "nodejs-nodemon-3.0.1-1.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-2021.06-4.module+el8.10.0+22759+46b58560.noarch.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22" }, "product_reference": "nodejs-packaging-2021.06-4.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-2021.06-4.module+el8.10.0+22759+46b58560.src.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22" }, "product_reference": "nodejs-packaging-2021.06-4.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-bundler-2021.06-4.module+el8.10.0+22759+46b58560.noarch.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-2021.06-4.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22" }, "product_reference": "nodejs-packaging-bundler-2021.06-4.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22" }, "product_reference": "npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22" }, "product_reference": "npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22" }, "product_reference": "npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22" }, "product_reference": "npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22" }, "product_reference": "v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22" }, "product_reference": "v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22" }, "product_reference": "v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22" }, "product_reference": "v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-22150", "cwe": { "id": "CWE-330", "name": "Use of Insufficiently Random Values" }, "discovery_date": "2025-01-21T18:01:24.182126+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2339176" } ], "notes": [ { "category": "description", "text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. 
If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "title": "Vulnerability description" }, { "category": "summary", "text": "undici: Undici Uses Insufficiently Random Values", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-22.13.1-1.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-2021.06-4.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-22150" }, { "category": "external", "summary": "RHBZ#2339176", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22150" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150" 
}, { "category": "external", "summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f", "url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f" }, { "category": "external", "summary": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113", "url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113" }, { "category": "external", "summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0", "url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0" }, { "category": "external", "summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a", "url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a" }, { "category": "external", "summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385", "url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385" }, { "category": "external", "summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975", "url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975" }, { "category": "external", "summary": "https://hackerone.com/reports/2913312", "url": "https://hackerone.com/reports/2913312" } ], "release_date": "2025-01-21T17:46:58.872000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T18:04:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-22.13.1-1.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-2021.06-4.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", 
"AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:1611" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-22.13.1-1.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-2021.06-4.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": 
"undici: Undici Uses Insufficiently Random Values" }, { "cve": "CVE-2025-23083", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "discovery_date": "2025-01-22T02:00:43.830080+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2339392" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Node.js diagnostics_channel. This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is rated as an Important severity because the diagnostics_channel utility, allowing attackers to hook into events triggered when a worker thread is created. This not only exposes user-defined workers but also internal workers, enabling the attacker to retrieve instances and potentially capture and reinstate their constructors for malicious purposes.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-22.13.1-1.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-2021.06-4.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", 
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-23083" }, { "category": "external", "summary": "RHBZ#2339392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-23083", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23083" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases", "url": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases" } ], "release_date": "2025-01-22T01:11:30.802000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T18:04:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-22.13.1-1.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-2021.06-4.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", 
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:1611" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-22.13.1-1.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-2021.06-4.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel" }, { "cve": "CVE-2025-23085", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2025-01-28T17:23:01.915000+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2342618" } ], "notes": [ { "category": "description", "text": "A 
vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-22.13.1-1.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-2021.06-4.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-23085" }, { "category": "external", "summary": "RHBZ#2342618", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618" }, { "category": "external", "summary": 
"https://www.cve.org/CVERecord?id=CVE-2025-23085", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23085" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085" } ], "release_date": "2025-01-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T18:04:26+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-22.13.1-1.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-2021.06-4.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:1611" }, { "category": "workaround", "details": "There\u0027s no available mitigation for this issue other than updating to the package version which contains the fix.", "product_ids": [ "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-22.13.1-1.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-2021.06-4.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", 
"AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-22.13.1-1.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-libs-debuginfo-22.13.1-1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22759+46b58560.src.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-2021.06-4.module+el8.10.0+22759+46b58560.noarch.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.9.2-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.aarch64.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.ppc64le.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.s390x.rpm-nodejs:22", "AppStream-8.10.0.Z.MAIN.EUS:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el8.10.0+22759+46b58560.x86_64.rpm-nodejs:22" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap" } ] }
rhsa-2025:1446
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)\n\n* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2025:1446", "url": "https://access.redhat.com/errata/RHSA-2025:1446" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2339176", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176" }, { "category": "external", "summary": "2342618", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1446.json" } ], "title": "Red Hat Security Advisory: nodejs:18 security update", "tracking": { "current_release_date": "2025-10-03T21:08:15+00:00", "generator": { "date": "2025-10-03T21:08:15+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.9" } }, "id": "RHSA-2025:1446", "initial_release_date": "2025-02-13T16:03:15+00:00", "revision_history": [ { "date": "2025-02-13T16:03:15+00:00", "number": "1", "summary": "Initial version" }, { "date": "2025-02-13T16:03:15+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-10-03T21:08:15+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 9)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 
9)", "product_id": "AppStream-9.5.0.Z.MAIN", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:9::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.src.rpm-nodejs:18", "product": { "name": "nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.src.rpm (nodejs:18)", "product_id": "nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.src.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=src\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9" } } }, { "category": "product_version", "name": "nodejs-nodemon-3.0.1-1.module+el9.5.0+22773+9a359385.src.rpm-nodejs:18", "product": { "name": "nodejs-nodemon-3.0.1-1.module+el9.5.0+22773+9a359385.src.rpm (nodejs:18)", "product_id": "nodejs-nodemon-3.0.1-1.module+el9.5.0+22773+9a359385.src.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=src\u0026rpmmod=nodejs:18:9050020250206154514:rhel9" } } }, { "category": "product_version", "name": "nodejs-packaging-2021.06-4.module+el9.5.0+22773+9a359385.src.rpm-nodejs:18", "product": { "name": "nodejs-packaging-2021.06-4.module+el9.5.0+22773+9a359385.src.rpm (nodejs:18)", "product_id": "nodejs-packaging-2021.06-4.module+el9.5.0+22773+9a359385.src.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.5.0%2B22773%2B9a359385?arch=src\u0026rpmmod=nodejs:18:9050020250206154514:rhel9" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "nodejs-docs-18.20.6-1.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18", "product": { "name": "nodejs-docs-18.20.6-1.module+el9.5.0+22773+9a359385.noarch.rpm (nodejs:18)", "product_id": 
"nodejs-docs-18.20.6-1.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-docs@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9" } } }, { "category": "product_version", "name": "nodejs-nodemon-3.0.1-1.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18", "product": { "name": "nodejs-nodemon-3.0.1-1.module+el9.5.0+22773+9a359385.noarch.rpm (nodejs:18)", "product_id": "nodejs-nodemon-3.0.1-1.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=noarch\u0026rpmmod=nodejs:18:9050020250206154514:rhel9" } } }, { "category": "product_version", "name": "nodejs-packaging-2021.06-4.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18", "product": { "name": "nodejs-packaging-2021.06-4.module+el9.5.0+22773+9a359385.noarch.rpm (nodejs:18)", "product_id": "nodejs-packaging-2021.06-4.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.5.0%2B22773%2B9a359385?arch=noarch\u0026rpmmod=nodejs:18:9050020250206154514:rhel9" } } }, { "category": "product_version", "name": "nodejs-packaging-bundler-2021.06-4.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18", "product": { "name": "nodejs-packaging-bundler-2021.06-4.module+el9.5.0+22773+9a359385.noarch.rpm (nodejs:18)", "product_id": "nodejs-packaging-bundler-2021.06-4.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel9.5.0%2B22773%2B9a359385?arch=noarch\u0026rpmmod=nodejs:18:9050020250206154514:rhel9" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": 
"nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "product": { "name": "nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm (nodejs:18)", "product_id": "nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9" } } }, { "category": "product_version", "name": "nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "product": { "name": "nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm (nodejs:18)", "product_id": "nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9" } } }, { "category": "product_version", "name": "nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "product": { "name": "nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm (nodejs:18)", "product_id": "nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9" } } }, { "category": "product_version", "name": "nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "product": { "name": "nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm (nodejs:18)", "product_id": "nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/nodejs-devel@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9" } } }, { "category": "product_version", "name": "nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "product": { "name": "nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm (nodejs:18)", "product_id": "nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9" } } }, { "category": "product_version", "name": "npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "product": { "name": "npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64.rpm (nodejs:18)", "product_id": "npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@10.8.2-1.18.20.6.1.module%2Bel9.5.0%2B22773%2B9a359385?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "product": { "name": "nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm (nodejs:18)", "product_id": "nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9" } } }, { "category": "product_version", "name": "nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "product": { "name": "nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm (nodejs:18)", "product_id": 
"nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9" } } }, { "category": "product_version", "name": "nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "product": { "name": "nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm (nodejs:18)", "product_id": "nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9" } } }, { "category": "product_version", "name": "nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "product": { "name": "nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm (nodejs:18)", "product_id": "nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9" } } }, { "category": "product_version", "name": "nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "product": { "name": "nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm (nodejs:18)", "product_id": "nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9" } } }, { "category": "product_version", "name": "npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "product": { 
"name": "npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le.rpm (nodejs:18)", "product_id": "npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@10.8.2-1.18.20.6.1.module%2Bel9.5.0%2B22773%2B9a359385?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "product": { "name": "nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm (nodejs:18)", "product_id": "nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9" } } }, { "category": "product_version", "name": "nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "product": { "name": "nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm (nodejs:18)", "product_id": "nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9" } } }, { "category": "product_version", "name": "nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "product": { "name": "nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm (nodejs:18)", "product_id": "nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9" } } }, { "category": 
"product_version", "name": "nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "product": { "name": "nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm (nodejs:18)", "product_id": "nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9" } } }, { "category": "product_version", "name": "nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "product": { "name": "nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm (nodejs:18)", "product_id": "nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9" } } }, { "category": "product_version", "name": "npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "product": { "name": "npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x.rpm (nodejs:18)", "product_id": "npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@10.8.2-1.18.20.6.1.module%2Bel9.5.0%2B22773%2B9a359385?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "product": { "name": "nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm (nodejs:18)", "product_id": "nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/nodejs@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9" } } }, { "category": "product_version", "name": "nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "product": { "name": "nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm (nodejs:18)", "product_id": "nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9" } } }, { "category": "product_version", "name": "nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "product": { "name": "nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm (nodejs:18)", "product_id": "nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9" } } }, { "category": "product_version", "name": "nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "product": { "name": "nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm (nodejs:18)", "product_id": "nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9" } } }, { "category": "product_version", "name": "nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "product": { "name": "nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm (nodejs:18)", "product_id": 
"nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.6-1.module%2Bel9.5.0%2B22773%2B9a359385?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9" } } }, { "category": "product_version", "name": "npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "product": { "name": "npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64.rpm (nodejs:18)", "product_id": "npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@10.8.2-1.18.20.6.1.module%2Bel9.5.0%2B22773%2B9a359385?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:9050020250206154514:rhel9" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18" }, "product_reference": "nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 
9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18" }, "product_reference": "nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18" }, "product_reference": "nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.src.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.src.rpm-nodejs:18" }, "product_reference": "nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.src.rpm-nodejs:18", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18" }, "product_reference": "nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 
9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18" }, "product_reference": "nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18" }, "product_reference": "nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18" }, "product_reference": "nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18" }, "product_reference": "nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 
9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18" }, "product_reference": "nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18" }, "product_reference": "nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18" }, "product_reference": "nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18" }, "product_reference": "nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 
9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18" }, "product_reference": "nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18" }, "product_reference": "nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18" }, "product_reference": "nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18" }, "product_reference": "nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-docs-18.20.6-1.module+el9.5.0+22773+9a359385.noarch.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 
9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-docs-18.20.6-1.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18" }, "product_reference": "nodejs-docs-18.20.6-1.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18" }, "product_reference": "nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18" }, "product_reference": "nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18" }, "product_reference": "nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 
9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18" }, "product_reference": "nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-3.0.1-1.module+el9.5.0+22773+9a359385.noarch.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18" }, "product_reference": "nodejs-nodemon-3.0.1-1.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-3.0.1-1.module+el9.5.0+22773+9a359385.src.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.5.0+22773+9a359385.src.rpm-nodejs:18" }, "product_reference": "nodejs-nodemon-3.0.1-1.module+el9.5.0+22773+9a359385.src.rpm-nodejs:18", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-2021.06-4.module+el9.5.0+22773+9a359385.noarch.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18" }, "product_reference": "nodejs-packaging-2021.06-4.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-2021.06-4.module+el9.5.0+22773+9a359385.src.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 
9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.5.0+22773+9a359385.src.rpm-nodejs:18" }, "product_reference": "nodejs-packaging-2021.06-4.module+el9.5.0+22773+9a359385.src.rpm-nodejs:18", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-bundler-2021.06-4.module+el9.5.0+22773+9a359385.noarch.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-2021.06-4.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18" }, "product_reference": "nodejs-packaging-bundler-2021.06-4.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18" }, "product_reference": "npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18" }, "product_reference": "npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 
9)", "product_id": "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18" }, "product_reference": "npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18" }, "product_reference": "npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-22150", "cwe": { "id": "CWE-330", "name": "Use of Insufficiently Random Values" }, "discovery_date": "2025-01-21T18:01:24.182126+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2339176" } ], "notes": [ { "category": "description", "text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. 
Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "title": "Vulnerability description" }, { "category": "summary", "text": "undici: Undici Uses Insufficiently Random Values", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.5.0.Z.MAIN:nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.src.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", 
"AppStream-9.5.0.Z.MAIN:nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-docs-18.20.6-1.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.5.0+22773+9a359385.src.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.5.0+22773+9a359385.src.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-2021.06-4.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-22150" }, { "category": "external", "summary": "RHBZ#2339176", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176" }, { "category": 
"external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22150" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150" }, { "category": "external", "summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f", "url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f" }, { "category": "external", "summary": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113", "url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113" }, { "category": "external", "summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0", "url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0" }, { "category": "external", "summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a", "url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a" }, { "category": "external", "summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385", "url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385" }, { "category": "external", "summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975", "url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975" }, { "category": "external", "summary": "https://hackerone.com/reports/2913312", "url": "https://hackerone.com/reports/2913312" } ], "release_date": "2025-01-21T17:46:58.872000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-02-13T16:03:15+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer 
to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.5.0.Z.MAIN:nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.src.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-docs-18.20.6-1.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", 
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.5.0+22773+9a359385.src.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.5.0+22773+9a359385.src.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-2021.06-4.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:1446" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-9.5.0.Z.MAIN:nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", 
"AppStream-9.5.0.Z.MAIN:nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.src.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-docs-18.20.6-1.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", 
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.5.0+22773+9a359385.src.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.5.0+22773+9a359385.src.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-2021.06-4.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undici: Undici Uses Insufficiently Random Values" }, { "cve": "CVE-2025-23085", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2025-01-28T17:23:01.915000+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2342618" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. 
This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.5.0.Z.MAIN:nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.src.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", 
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-docs-18.20.6-1.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.5.0+22773+9a359385.src.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.5.0+22773+9a359385.src.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-2021.06-4.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18" ] }, "references": [ { "category": "self", "summary": 
"Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-23085" }, { "category": "external", "summary": "RHBZ#2342618", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-23085", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23085" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085" } ], "release_date": "2025-01-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-02-13T16:03:15+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.5.0.Z.MAIN:nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.src.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", 
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-docs-18.20.6-1.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.5.0+22773+9a359385.src.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.5.0+22773+9a359385.src.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-2021.06-4.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", 
"AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:1446" }, { "category": "workaround", "details": "There\u0027s no available mitigation for this issue other than updating to the package version which contains the fix.", "product_ids": [ "AppStream-9.5.0.Z.MAIN:nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.src.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", 
"AppStream-9.5.0.Z.MAIN:nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-docs-18.20.6-1.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.5.0+22773+9a359385.src.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.5.0+22773+9a359385.src.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-2021.06-4.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ 
"AppStream-9.5.0.Z.MAIN:nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.src.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-devel-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-docs-18.20.6-1.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", 
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-18.20.6-1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.5.0+22773+9a359385.src.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.5.0+22773+9a359385.src.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-2021.06-4.module+el9.5.0+22773+9a359385.noarch.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.aarch64.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.ppc64le.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.s390x.rpm-nodejs:18", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.18.20.6.1.module+el9.5.0+22773+9a359385.x86_64.rpm-nodejs:18" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap" } ] }
rhsa-2025:3374
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat Developer Hub 1.5.1 has been released.", "title": "Topic" }, { "category": "general", "text": "Red Hat Developer Hub (RHDH) is Red Hat\u0027s enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2025:3374", "url": "https://access.redhat.com/errata/RHSA-2025:3374" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2024-45338", "url": "https://access.redhat.com/security/cve/CVE-2024-45338" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2024-47068", "url": "https://access.redhat.com/security/cve/CVE-2024-47068" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2024-52798", "url": "https://access.redhat.com/security/cve/CVE-2024-52798" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2024-55565", "url": "https://access.redhat.com/security/cve/CVE-2024-55565" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2024-56201", "url": "https://access.redhat.com/security/cve/CVE-2024-56201" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2024-56326", "url": "https://access.redhat.com/security/cve/CVE-2024-56326" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2024-56334", "url": "https://access.redhat.com/security/cve/CVE-2024-56334" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2025-22150", "url": "https://access.redhat.com/security/cve/CVE-2025-22150" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2025-29774", "url": "https://access.redhat.com/security/cve/CVE-2025-29774" }, { "category": 
"external", "summary": "https://access.redhat.com/security/cve/CVE-2025-29775", "url": "https://access.redhat.com/security/cve/CVE-2025-29775" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/cve-2025-27516", "url": "https://access.redhat.com/security/cve/cve-2025-27516" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/", "url": "https://access.redhat.com/security/updates/classification/" }, { "category": "external", "summary": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh", "url": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh" }, { "category": "external", "summary": "https://developers.redhat.com/rhdh/overview", "url": "https://developers.redhat.com/rhdh/overview" }, { "category": "external", "summary": "https://docs.redhat.com/en/documentation/red_hat_developer_hub", "url": "https://docs.redhat.com/en/documentation/red_hat_developer_hub" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_3374.json" } ], "title": "Red Hat Security Advisory: Red Hat Developer Hub 1.5.1 release.", "tracking": { "current_release_date": "2025-10-20T08:04:33+00:00", "generator": { "date": "2025-10-20T08:04:33+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.9" } }, "id": "RHSA-2025:3374", "initial_release_date": "2025-03-27T20:51:32+00:00", "revision_history": [ { "date": "2025-03-27T20:51:32+00:00", "number": "1", "summary": "Initial version" }, { "date": "2025-04-04T11:00:58+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-10-20T08:04:33+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Developer Hub 1.5", "product": { "name": "Red Hat Developer Hub 1.5", 
"product_id": "Red Hat Developer Hub 1.5", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhdh:1.5::el9" } } } ], "category": "product_family", "name": "Red Hat Developer Hub" }, { "branches": [ { "category": "product_version", "name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64", "product": { "name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64", "product_id": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64", "product_identification_helper": { "purl": "pkg:oci/rhdh-hub-rhel9@sha256%3A56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665?arch=amd64\u0026repository_url=registry.redhat.io/rhdh" } } }, { "category": "product_version", "name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64", "product": { "name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64", "product_id": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64", "product_identification_helper": { "purl": "pkg:oci/rhdh-rhel9-operator@sha256%3Afb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158?arch=amd64\u0026repository_url=registry.redhat.io/rhdh" } } }, { "category": "product_version", "name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64", "product": { "name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64", "product_id": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64", "product_identification_helper": { 
"purl": "pkg:oci/rhdh-operator-bundle@sha256%3Ac870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5?arch=amd64\u0026repository_url=registry.redhat.io/rhdh" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64 as a component of Red Hat Developer Hub 1.5", "product_id": "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64" }, "product_reference": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64", "relates_to_product_reference": "Red Hat Developer Hub 1.5" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64 as a component of Red Hat Developer Hub 1.5", "product_id": "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64" }, "product_reference": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64", "relates_to_product_reference": "Red Hat Developer Hub 1.5" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64 as a component of Red Hat Developer Hub 1.5", "product_id": "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64" }, "product_reference": 
"registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64", "relates_to_product_reference": "Red Hat Developer Hub 1.5" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-45338", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2024-12-18T21:00:59.938173+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2333122" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. 
This issue can cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64" ], "known_not_affected": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-45338" }, { "category": "external", "summary": "RHBZ#2333122", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45338" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338" }, { "category": "external", "summary": "https://go.dev/cl/637536", "url": 
"https://go.dev/cl/637536" }, { "category": "external", "summary": "https://go.dev/issue/70906", "url": "https://go.dev/issue/70906" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ", "url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2024-3333", "url": "https://pkg.go.dev/vuln/GO-2024-3333" } ], "release_date": "2024-12-18T20:38:22.660000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-03-27T20:51:32+00:00", "details": "For more about Red Hat Developer Hub, see References links", "product_ids": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:3374" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html" }, { "cve": "CVE-2024-47068", "cwe": 
{ "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2024-09-23T16:20:20.383320+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2314249" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Rollup module bundler for JavaScript. Certain versions are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` such as `import.meta.url` in the `cjs`/`umd`/`iife` format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements are present, for example, an `img` tag with an unsanitized `name` attribute.", "title": "Vulnerability description" }, { "category": "summary", "text": "rollup: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is classified as moderate severity rather than important because it requires a specific and relatively uncommon attack vector to exploit\u2014namely, attacker-controlled scriptless HTML elements, such as an unsanitized name attribute in an img tag, which are typically less prevalent in well-maintained web applications. 
Additionally, the impact is limited to scenarios where import.meta is improperly handled in specific module formats (`cjs`, `umd`, `iife`), and the vulnerability can only lead to cross-site scripting (XSS) under specific conditions.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64" ], "known_not_affected": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-47068" }, { "category": "external", "summary": "RHBZ#2314249", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314249" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-47068", "url": "https://www.cve.org/CVERecord?id=CVE-2024-47068" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47068", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47068" }, { "category": "external", "summary": "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L157-L162", "url": "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L157-L162" }, { "category": "external", "summary": 
"https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L180-L185", "url": "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L180-L185" }, { "category": "external", "summary": "https://github.com/rollup/rollup/commit/2ef77c00ec2635d42697cff2c0567ccc8db34fb4", "url": "https://github.com/rollup/rollup/commit/2ef77c00ec2635d42697cff2c0567ccc8db34fb4" }, { "category": "external", "summary": "https://github.com/rollup/rollup/commit/e2552c9e955e0a61f70f508200ee9f752f85a541", "url": "https://github.com/rollup/rollup/commit/e2552c9e955e0a61f70f508200ee9f752f85a541" }, { "category": "external", "summary": "https://github.com/rollup/rollup/security/advisories/GHSA-gcx4-mw62-g8wm", "url": "https://github.com/rollup/rollup/security/advisories/GHSA-gcx4-mw62-g8wm" } ], "release_date": "2024-09-23T16:15:06.947000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-03-27T20:51:32+00:00", "details": "For more about Red Hat Developer Hub, see References links", "product_ids": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:3374" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64", "Red Hat Developer Hub 
1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "rollup: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS" }, { "cve": "CVE-2024-52798", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2024-12-05T23:00:59.020167+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2330689" } ], "notes": [ { "category": "description", "text": "A flaw was found in path-to-regexp. A path-to-regexp turns path strings into regular expressions. 
In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance.", "title": "Vulnerability description" }, { "category": "summary", "text": "path-to-regexp: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability exists because of an incomplete fix for CVE-2024-45296.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64" ], "known_not_affected": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-52798" }, { "category": "external", "summary": "RHBZ#2330689", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330689" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-52798", "url": "https://www.cve.org/CVERecord?id=CVE-2024-52798" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-52798", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52798" }, { "category": "external", "summary": "https://github.com/pillarjs/path-to-regexp/commit/f01c26a013b1889f0c217c643964513acf17f6a4", "url": "https://github.com/pillarjs/path-to-regexp/commit/f01c26a013b1889f0c217c643964513acf17f6a4" 
}, { "category": "external", "summary": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-rhx6-c78j-4q9w", "url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-rhx6-c78j-4q9w" } ], "release_date": "2024-12-05T22:45:42.774000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-03-27T20:51:32+00:00", "details": "For more about Red Hat Developer Hub, see References links", "product_ids": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:3374" }, { "category": "workaround", "details": "Avoid using two parameters within a single path segment when the separator is not, for example, /:a-:b. Alternatively, you can define the regex used for both parameters and ensure they do not overlap to allow backtracking.", "product_ids": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64", "Red Hat Developer Hub 
1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "path-to-regexp: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x" }, { "cve": "CVE-2024-55565", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2024-12-09T02:00:45.255738+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2331063" } ], "notes": [ { "category": "description", "text": "nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 
3.3.8 is also a fixed version.", "title": "Vulnerability description" }, { "category": "summary", "text": "nanoid: nanoid mishandles non-integer values", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64" ], "known_not_affected": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-55565" }, { "category": "external", "summary": "RHBZ#2331063", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331063" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-55565", "url": "https://www.cve.org/CVERecord?id=CVE-2024-55565" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-55565", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55565" }, { "category": "external", "summary": "https://github.com/ai/nanoid/compare/3.3.7...3.3.8", "url": "https://github.com/ai/nanoid/compare/3.3.7...3.3.8" }, { "category": "external", "summary": "https://github.com/ai/nanoid/pull/510", "url": "https://github.com/ai/nanoid/pull/510" }, { "category": "external", "summary": "https://github.com/ai/nanoid/releases/tag/5.0.9", "url": "https://github.com/ai/nanoid/releases/tag/5.0.9" } ], "release_date": 
"2024-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-03-27T20:51:32+00:00", "details": "For more about Red Hat Developer Hub, see References links", "product_ids": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:3374" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nanoid: nanoid mishandles non-integer values" }, { "cve": "CVE-2024-56201", "cwe": { "id": "CWE-150", "name": "Improper Neutralization of Escape, Meta, or Control Sequences" }, "discovery_date": "2024-12-23T16:00:38.768252+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64" ] } ], 
"ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2333854" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jinja2 package. A bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of Jinja\u0027s sandbox being used. An attacker needs to be able to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications that execute untrusted templates where the template author can also choose the template filename.", "title": "Vulnerability description" }, { "category": "summary", "text": "jinja2: Jinja has a sandbox breakout through malicious filenames", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability has rated as a IMPORTANT flaw because an attacker controlling both the template content and filename to execute arbitrary Python code, bypassing the sandbox.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64" ], "known_not_affected": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-56201" }, { 
"category": "external", "summary": "RHBZ#2333854", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333854" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-56201", "url": "https://www.cve.org/CVERecord?id=CVE-2024-56201" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-56201", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56201" }, { "category": "external", "summary": "https://github.com/pallets/jinja/commit/767b23617628419ae3709ccfb02f9602ae9fe51f", "url": "https://github.com/pallets/jinja/commit/767b23617628419ae3709ccfb02f9602ae9fe51f" }, { "category": "external", "summary": "https://github.com/pallets/jinja/issues/1792", "url": "https://github.com/pallets/jinja/issues/1792" }, { "category": "external", "summary": "https://github.com/pallets/jinja/releases/tag/3.1.5", "url": "https://github.com/pallets/jinja/releases/tag/3.1.5" }, { "category": "external", "summary": "https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699", "url": "https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699" } ], "release_date": "2024-12-23T15:37:36.110000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-03-27T20:51:32+00:00", "details": "For more about Red Hat Developer Hub, see References links", "product_ids": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:3374" }, { "category": "workaround", "details": "To mitigate this vulnerabilty restrict user-controlled template filenames, ensuring they follow a predefined templates.", "product_ids": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64", "Red Hat Developer Hub 
1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jinja2: Jinja has a sandbox breakout through malicious filenames" }, { "cve": "CVE-2024-56326", "cwe": { "id": "CWE-693", "name": "Protection Mechanism Failure" }, "discovery_date": "2024-12-23T16:00:46.619763+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2333856" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jinja package. 
In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications that execute untrusted templates. Jinja\u0027s sandbox does catch calls to str.format and ensures they don\u0027t escape the sandbox. However, storing a reference to a malicious string\u0027s format method is possible, then passing that to a filter that calls it. No such filters are built into Jinja but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.", "title": "Vulnerability description" }, { "category": "summary", "text": "jinja2: Jinja has a sandbox breakout through indirect reference to format method", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is rated as Moderate due to an oversight in Jinja\u0027s sandbox environment, allowing attackers to execute arbitrary Python code through controlled template content. 
This requires control over template content, making exploitation possible only in specific applications, thus limiting its overall impact.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64" ], "known_not_affected": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-56326" }, { "category": "external", "summary": "RHBZ#2333856", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333856" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-56326", "url": "https://www.cve.org/CVERecord?id=CVE-2024-56326" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-56326", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56326" }, { "category": "external", "summary": "https://github.com/pallets/jinja/commit/48b0687e05a5466a91cd5812d604fa37ad0943b4", "url": "https://github.com/pallets/jinja/commit/48b0687e05a5466a91cd5812d604fa37ad0943b4" }, { "category": "external", "summary": "https://github.com/pallets/jinja/releases/tag/3.1.5", "url": "https://github.com/pallets/jinja/releases/tag/3.1.5" }, { "category": "external", "summary": "https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h", "url": 
"https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h" } ], "release_date": "2024-12-23T15:43:49.400000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-03-27T20:51:32+00:00", "details": "For more about Red Hat Developer Hub, see References links", "product_ids": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:3374" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jinja2: Jinja has a sandbox breakout through indirect reference to format method" }, { "cve": "CVE-2024-56334", "cwe": { "id": "CWE-94", "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)" }, "discovery_date": "2024-12-20T21:00:48.166699+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64", "Red Hat Developer Hub 
1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2333587" } ], "notes": [ { "category": "description", "text": "A flaw was found in the systeminformation library for Node.js. In Windows systems, the SSID parameter of the `getWindowsIEEE8021x` function is not sanitized before it is passed to cmd.exe. This may allow a remote attacker to execute arbitrary commands on the target system.", "title": "Vulnerability description" }, { "category": "summary", "text": "systeminformation: Command injection vulnerability in getWindowsIEEE8021x (SSID) function in systeminformation", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability in the systeminformation library is marked as a high-severity issue because it allows for the execution of arbitrary commands via an unsanitized SSID input passed to `cmd.exe`. Since this flaw can lead to remote code execution (RCE) or local privilege escalation, it provides an attacker with the potential to execute malicious scripts on the affected system.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64" ], "known_not_affected": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64" ] }, "references": [ { 
"category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-56334" }, { "category": "external", "summary": "RHBZ#2333587", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333587" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-56334", "url": "https://www.cve.org/CVERecord?id=CVE-2024-56334" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-56334", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56334" }, { "category": "external", "summary": "https://github.com/sebhildebrandt/systeminformation/commit/f7af0a67b78e7894335a6cad510566a25e06ae41", "url": "https://github.com/sebhildebrandt/systeminformation/commit/f7af0a67b78e7894335a6cad510566a25e06ae41" }, { "category": "external", "summary": "https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-cvv5-9h9w-qp2m", "url": "https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-cvv5-9h9w-qp2m" } ], "release_date": "2024-12-20T20:10:12.578000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-03-27T20:51:32+00:00", "details": "For more about Red Hat Developer Hub, see References links", "product_ids": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:3374" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64", "Red Hat Developer Hub 
1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "systeminformation: Command injection vulnerability in getWindowsIEEE8021x (SSID) function in systeminformation" }, { "cve": "CVE-2025-22150", "cwe": { "id": "CWE-330", "name": "Use of Insufficiently Random Values" }, "discovery_date": "2025-01-21T18:01:24.182126+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2339176" } ], "notes": [ { "category": "description", "text": "A flaw 
was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "title": "Vulnerability description" }, { "category": "summary", "text": "undici: Undici Uses Insufficiently Random Values", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64" ], "known_not_affected": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-22150" }, { "category": "external", "summary": "RHBZ#2339176", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22150" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150" }, { "category": "external", 
"summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f", "url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f" }, { "category": "external", "summary": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113", "url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113" }, { "category": "external", "summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0", "url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0" }, { "category": "external", "summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a", "url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a" }, { "category": "external", "summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385", "url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385" }, { "category": "external", "summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975", "url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975" }, { "category": "external", "summary": "https://hackerone.com/reports/2913312", "url": "https://hackerone.com/reports/2913312" } ], "release_date": "2025-01-21T17:46:58.872000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-03-27T20:51:32+00:00", "details": "For more about Red Hat Developer Hub, see References links", "product_ids": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:3374" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", 
"availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undici: Undici Uses Insufficiently Random Values" }, { "cve": "CVE-2025-27516", "cwe": { "id": "CWE-1336", "name": "Improper Neutralization of Special Elements Used in a Template Engine" }, "discovery_date": "2025-03-05T21:01:07.674606+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2350190" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jinja. In affected versions, an oversight in how the Jinja sandboxed environment interacts with the `|attr` filter allows an attacker who controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. 
This vulnerability impacts users of applications that execute untrusted templates. Jinja\u0027s sandbox does catch calls to `str.format` and ensures they don\u0027t escape the sandbox. However, it\u0027s possible to use the `|attr` filter to get a reference to a string\u0027s plain format method, bypassing the sandbox.", "title": "Vulnerability description" }, { "category": "summary", "text": "jinja2: Jinja sandbox breakout through attr filter selecting format method", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is rated as important severity due to the potential for an attacker to bypass Jinja\u0027s sandbox by exploiting the |attr filter, by controlling template content, an attacker can execute arbitrary Python code, impacting the integrity, confidentiality, and availability of the system. While the attack requires user interaction to trigger untrusted templates, the risk is significant in applications that allow such templates to be executed.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64" ], "known_not_affected": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-27516" }, { "category": "external", "summary": 
"RHBZ#2350190", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2350190" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-27516", "url": "https://www.cve.org/CVERecord?id=CVE-2025-27516" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-27516", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27516" }, { "category": "external", "summary": "https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403", "url": "https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403" }, { "category": "external", "summary": "https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7", "url": "https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7" } ], "release_date": "2025-03-05T20:40:06.568000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-03-27T20:51:32+00:00", "details": "For more about Red Hat Developer Hub, see References links", "product_ids": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:3374" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64", "Red Hat Developer Hub 
1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jinja2: Jinja sandbox breakout through attr filter selecting format method" }, { "cve": "CVE-2025-29774", "cwe": { "id": "CWE-347", "name": "Improper Verification of Cryptographic Signature" }, "discovery_date": "2025-03-14T18:01:09.149253+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2352596" } ], "notes": [ { "category": "description", "text": "A flaw was found in the xml-crypto library for Node.js. An attacker can exploit this vulnerability to bypass authentication or authorization mechanisms in systems that rely on xml-crypto to verify signed XML documents. 
The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks.", "title": "Vulnerability description" }, { "category": "summary", "text": "xml-crypto: xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64" ], "known_not_affected": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-29774" }, { "category": "external", "summary": "RHBZ#2352596", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2352596" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-29774", "url": "https://www.cve.org/CVERecord?id=CVE-2025-29774" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-29774", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29774" }, { "category": "external", "summary": "https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed", "url": "https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed" }, { "category": "external", "summary": 
"https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98", "url": "https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98" }, { "category": "external", "summary": "https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07", "url": "https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07" }, { "category": "external", "summary": "https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6", "url": "https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6" }, { "category": "external", "summary": "https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1", "url": "https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1" }, { "category": "external", "summary": "https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1", "url": "https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1" }, { "category": "external", "summary": "https://github.com/node-saml/xml-crypto/security/advisories/GHSA-9p8x-f768-wp2g", "url": "https://github.com/node-saml/xml-crypto/security/advisories/GHSA-9p8x-f768-wp2g" } ], "release_date": "2025-03-14T17:05:53.943000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-03-27T20:51:32+00:00", "details": "For more about Red Hat Developer Hub, see References links", "product_ids": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:3374" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat Developer Hub 
1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "xml-crypto: xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References" }, { "cve": "CVE-2025-29775", "cwe": { "id": "CWE-347", "name": "Improper Verification of Cryptographic Signature" }, "discovery_date": "2025-03-14T18:01:22.409532+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64", "Red Hat Developer Hub 
1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2352600" } ], "notes": [ { "category": "description", "text": "A flaw was found in the xml-crypto library for Node.js. An attacker can exploit this vulnerability to bypass authentication or authorization mechanisms in systems that rely on xml-crypto to verify signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks.", "title": "Vulnerability description" }, { "category": "summary", "text": "xml-crypto: xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64" ], "known_not_affected": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-29775" }, { "category": "external", "summary": "RHBZ#2352600", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2352600" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-29775", "url": "https://www.cve.org/CVERecord?id=CVE-2025-29775" 
}, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-29775", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29775" }, { "category": "external", "summary": "https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed", "url": "https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed" }, { "category": "external", "summary": "https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98", "url": "https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98" }, { "category": "external", "summary": "https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07", "url": "https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07" }, { "category": "external", "summary": "https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6", "url": "https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6" }, { "category": "external", "summary": "https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1", "url": "https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1" }, { "category": "external", "summary": "https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1", "url": "https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1" }, { "category": "external", "summary": "https://github.com/node-saml/xml-crypto/security/advisories/GHSA-x3m8-899r-f7c3", "url": "https://github.com/node-saml/xml-crypto/security/advisories/GHSA-x3m8-899r-f7c3" } ], "release_date": "2025-03-14T17:11:05.590000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-03-27T20:51:32+00:00", "details": "For more about Red Hat Developer Hub, see References links", "product_ids": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64" ], "restart_required": { "category": "none" }, "url": 
"https://access.redhat.com/errata/RHSA-2025:3374" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64", "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "xml-crypto: xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment" } ] }
rhsa-2025:1443
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)\n\n* nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)\n\n* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2025:1443", "url": "https://access.redhat.com/errata/RHSA-2025:1443" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2339176", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176" }, { "category": "external", "summary": "2339392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392" }, { "category": "external", "summary": "2342618", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1443.json" } ], "title": "Red Hat Security Advisory: nodejs:20 security update", "tracking": { "current_release_date": "2025-10-03T21:08:13+00:00", "generator": { "date": "2025-10-03T21:08:13+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.9" } }, "id": "RHSA-2025:1443", "initial_release_date": "2025-02-13T15:42:45+00:00", "revision_history": [ { "date": "2025-02-13T15:42:45+00:00", "number": "1", "summary": "Initial version" }, { "date": "2025-02-13T15:42:45+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-10-03T21:08:13+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise 
Linux AppStream (v. 9)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:9::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.src.rpm-nodejs:20", "product": { "name": "nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.src.rpm (nodejs:20)", "product_id": "nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.src.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=src\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9" } } }, { "category": "product_version", "name": "nodejs-nodemon-3.0.1-1.module+el9.3.0.z+20478+84a9f781.src.rpm-nodejs:20", "product": { "name": "nodejs-nodemon-3.0.1-1.module+el9.3.0.z+20478+84a9f781.src.rpm (nodejs:20)", "product_id": "nodejs-nodemon-3.0.1-1.module+el9.3.0.z+20478+84a9f781.src.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.3.0.z%2B20478%2B84a9f781?arch=src\u0026rpmmod=nodejs:20:9050020250130114516:rhel9" } } }, { "category": "product_version", "name": "nodejs-packaging-2021.06-4.module+el9.3.0+19518+63aad52d.src.rpm-nodejs:20", "product": { "name": "nodejs-packaging-2021.06-4.module+el9.3.0+19518+63aad52d.src.rpm (nodejs:20)", "product_id": "nodejs-packaging-2021.06-4.module+el9.3.0+19518+63aad52d.src.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.3.0%2B19518%2B63aad52d?arch=src\u0026rpmmod=nodejs:20:9050020250130114516:rhel9" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "nodejs-docs-20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch.rpm-nodejs:20", "product": { "name": 
"nodejs-docs-20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch.rpm (nodejs:20)", "product_id": "nodejs-docs-20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-docs@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9" } } }, { "category": "product_version", "name": "nodejs-nodemon-3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch.rpm-nodejs:20", "product": { "name": "nodejs-nodemon-3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch.rpm (nodejs:20)", "product_id": "nodejs-nodemon-3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.3.0.z%2B20478%2B84a9f781?arch=noarch\u0026rpmmod=nodejs:20:9050020250130114516:rhel9" } } }, { "category": "product_version", "name": "nodejs-packaging-2021.06-4.module+el9.3.0+19518+63aad52d.noarch.rpm-nodejs:20", "product": { "name": "nodejs-packaging-2021.06-4.module+el9.3.0+19518+63aad52d.noarch.rpm (nodejs:20)", "product_id": "nodejs-packaging-2021.06-4.module+el9.3.0+19518+63aad52d.noarch.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.3.0%2B19518%2B63aad52d?arch=noarch\u0026rpmmod=nodejs:20:9050020250130114516:rhel9" } } }, { "category": "product_version", "name": "nodejs-packaging-bundler-2021.06-4.module+el9.3.0+19518+63aad52d.noarch.rpm-nodejs:20", "product": { "name": "nodejs-packaging-bundler-2021.06-4.module+el9.3.0+19518+63aad52d.noarch.rpm (nodejs:20)", "product_id": "nodejs-packaging-bundler-2021.06-4.module+el9.3.0+19518+63aad52d.noarch.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel9.3.0%2B19518%2B63aad52d?arch=noarch\u0026rpmmod=nodejs:20:9050020250130114516:rhel9" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { 
"category": "product_version", "name": "nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "product": { "name": "nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm (nodejs:20)", "product_id": "nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9" } } }, { "category": "product_version", "name": "nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "product": { "name": "nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm (nodejs:20)", "product_id": "nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9" } } }, { "category": "product_version", "name": "nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "product": { "name": "nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm (nodejs:20)", "product_id": "nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9" } } }, { "category": "product_version", "name": "nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "product": { "name": "nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm (nodejs:20)", "product_id": "nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9" } } }, { "category": "product_version", "name": "nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "product": { "name": "nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm (nodejs:20)", "product_id": "nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9" } } }, { "category": "product_version", "name": "npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "product": { "name": "npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64.rpm (nodejs:20)", "product_id": "npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "product": { "name": "nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm (nodejs:20)", "product_id": "nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9" } } }, { "category": "product_version", "name": "nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "product": { "name": "nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm (nodejs:20)", "product_id": 
"nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9" } } }, { "category": "product_version", "name": "nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "product": { "name": "nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm (nodejs:20)", "product_id": "nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9" } } }, { "category": "product_version", "name": "nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "product": { "name": "nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm (nodejs:20)", "product_id": "nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9" } } }, { "category": "product_version", "name": "nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "product": { "name": "nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm (nodejs:20)", "product_id": "nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9" } } }, { "category": "product_version", "name": "npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "product": { 
"name": "npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm (nodejs:20)", "product_id": "npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "product": { "name": "nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm (nodejs:20)", "product_id": "nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9" } } }, { "category": "product_version", "name": "nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "product": { "name": "nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm (nodejs:20)", "product_id": "nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9" } } }, { "category": "product_version", "name": "nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "product": { "name": "nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm (nodejs:20)", "product_id": "nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9" } } }, { "category": 
"product_version", "name": "nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "product": { "name": "nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm (nodejs:20)", "product_id": "nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9" } } }, { "category": "product_version", "name": "nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "product": { "name": "nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm (nodejs:20)", "product_id": "nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9" } } }, { "category": "product_version", "name": "npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "product": { "name": "npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x.rpm (nodejs:20)", "product_id": "npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "product": { "name": "nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm (nodejs:20)", "product_id": "nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9" } } }, { "category": "product_version", "name": "nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "product": { "name": "nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm (nodejs:20)", "product_id": "nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9" } } }, { "category": "product_version", "name": "nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "product": { "name": "nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm (nodejs:20)", "product_id": "nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9" } } }, { "category": "product_version", "name": "nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "product": { "name": "nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm (nodejs:20)", "product_id": "nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9" } } }, { "category": "product_version", "name": "nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "product": { "name": "nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm (nodejs:20)", "product_id": 
"nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9" } } }, { "category": "product_version", "name": "npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "product": { "name": "npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64.rpm (nodejs:20)", "product_id": "npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel9.5.0%2B22758%2B4ad2c198?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:9050020250130114516:rhel9" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20" }, "product_reference": "nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 
9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20" }, "product_reference": "nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20" }, "product_reference": "nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.src.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.src.rpm-nodejs:20" }, "product_reference": "nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.src.rpm-nodejs:20", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20" }, "product_reference": "nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 
9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20" }, "product_reference": "nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20" }, "product_reference": "nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20" }, "product_reference": "nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20" }, "product_reference": "nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 
9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20" }, "product_reference": "nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20" }, "product_reference": "nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20" }, "product_reference": "nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20" }, "product_reference": "nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 
9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20" }, "product_reference": "nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20" }, "product_reference": "nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20" }, "product_reference": "nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20" }, "product_reference": "nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-docs-20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 
9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-docs-20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch.rpm-nodejs:20" }, "product_reference": "nodejs-docs-20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch.rpm-nodejs:20", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20" }, "product_reference": "nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20" }, "product_reference": "nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20" }, "product_reference": "nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 
9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20" }, "product_reference": "nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch.rpm-nodejs:20" }, "product_reference": "nodejs-nodemon-3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch.rpm-nodejs:20", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-3.0.1-1.module+el9.3.0.z+20478+84a9f781.src.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.3.0.z+20478+84a9f781.src.rpm-nodejs:20" }, "product_reference": "nodejs-nodemon-3.0.1-1.module+el9.3.0.z+20478+84a9f781.src.rpm-nodejs:20", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-2021.06-4.module+el9.3.0+19518+63aad52d.noarch.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.3.0+19518+63aad52d.noarch.rpm-nodejs:20" }, "product_reference": "nodejs-packaging-2021.06-4.module+el9.3.0+19518+63aad52d.noarch.rpm-nodejs:20", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-2021.06-4.module+el9.3.0+19518+63aad52d.src.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 
9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.3.0+19518+63aad52d.src.rpm-nodejs:20" }, "product_reference": "nodejs-packaging-2021.06-4.module+el9.3.0+19518+63aad52d.src.rpm-nodejs:20", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-bundler-2021.06-4.module+el9.3.0+19518+63aad52d.noarch.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-2021.06-4.module+el9.3.0+19518+63aad52d.noarch.rpm-nodejs:20" }, "product_reference": "nodejs-packaging-bundler-2021.06-4.module+el9.3.0+19518+63aad52d.noarch.rpm-nodejs:20", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20" }, "product_reference": "npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20" }, "product_reference": "npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 
9)", "product_id": "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20" }, "product_reference": "npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20" }, "product_reference": "npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-22150", "cwe": { "id": "CWE-330", "name": "Use of Insufficiently Random Values" }, "discovery_date": "2025-01-21T18:01:24.182126+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2339176" } ], "notes": [ { "category": "description", "text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. 
Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "title": "Vulnerability description" }, { "category": "summary", "text": "undici: Undici Uses Insufficiently Random Values", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.src.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", 
"AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-docs-20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.3.0.z+20478+84a9f781.src.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.3.0+19518+63aad52d.noarch.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.3.0+19518+63aad52d.src.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-2021.06-4.module+el9.3.0+19518+63aad52d.noarch.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-22150" }, { "category": "external", "summary": "RHBZ#2339176", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176" }, { 
"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22150" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150" }, { "category": "external", "summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f", "url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f" }, { "category": "external", "summary": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113", "url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113" }, { "category": "external", "summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0", "url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0" }, { "category": "external", "summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a", "url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a" }, { "category": "external", "summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385", "url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385" }, { "category": "external", "summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975", "url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975" }, { "category": "external", "summary": "https://hackerone.com/reports/2913312", "url": "https://hackerone.com/reports/2913312" } ], "release_date": "2025-01-21T17:46:58.872000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-02-13T15:42:45+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer 
to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.src.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-docs-20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", 
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.3.0.z+20478+84a9f781.src.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.3.0+19518+63aad52d.noarch.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.3.0+19518+63aad52d.src.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-2021.06-4.module+el9.3.0+19518+63aad52d.noarch.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:1443" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", 
"AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.src.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-docs-20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", 
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.3.0.z+20478+84a9f781.src.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.3.0+19518+63aad52d.noarch.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.3.0+19518+63aad52d.src.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-2021.06-4.module+el9.3.0+19518+63aad52d.noarch.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undici: Undici Uses Insufficiently Random Values" }, { "cve": "CVE-2025-23083", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "discovery_date": "2025-01-22T02:00:43.830080+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2339392" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Node.js diagnostics_channel. 
This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is rated as Important severity because the diagnostics_channel utility allows attackers to hook into events triggered when a worker thread is created. This not only exposes user-defined workers but also internal workers, enabling the attacker to retrieve instances and potentially capture and reinstate their constructors for malicious purposes.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.src.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", 
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-docs-20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.3.0.z+20478+84a9f781.src.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.3.0+19518+63aad52d.noarch.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.3.0+19518+63aad52d.src.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-2021.06-4.module+el9.3.0+19518+63aad52d.noarch.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", 
"AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-23083" }, { "category": "external", "summary": "RHBZ#2339392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-23083", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23083" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases", "url": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases" } ], "release_date": "2025-01-22T01:11:30.802000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-02-13T15:42:45+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.src.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", 
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-docs-20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.3.0.z+20478+84a9f781.src.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.3.0+19518+63aad52d.noarch.rpm-nodejs:20", 
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.3.0+19518+63aad52d.src.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-2021.06-4.module+el9.3.0+19518+63aad52d.noarch.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:1443" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.src.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", 
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-docs-20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.3.0.z+20478+84a9f781.src.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.3.0+19518+63aad52d.noarch.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.3.0+19518+63aad52d.src.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-2021.06-4.module+el9.3.0+19518+63aad52d.noarch.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", 
"AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel" }, { "cve": "CVE-2025-23085", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2025-01-28T17:23:01.915000+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2342618" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", 
"AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.src.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-docs-20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", 
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.3.0.z+20478+84a9f781.src.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.3.0+19518+63aad52d.noarch.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.3.0+19518+63aad52d.src.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-2021.06-4.module+el9.3.0+19518+63aad52d.noarch.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-23085" }, { "category": "external", "summary": "RHBZ#2342618", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-23085", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23085" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085" } ], "release_date": "2025-01-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-02-13T15:42:45+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", 
"AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.src.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-docs-20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", 
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.3.0.z+20478+84a9f781.src.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.3.0+19518+63aad52d.noarch.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.3.0+19518+63aad52d.src.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-2021.06-4.module+el9.3.0+19518+63aad52d.noarch.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:1443" }, { "category": "workaround", "details": "There\u0027s no available mitigation for this issue other than updating to the package version which contains the fix.", "product_ids": [ "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.src.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", 
"AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-docs-20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.3.0.z+20478+84a9f781.src.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.3.0+19518+63aad52d.noarch.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.3.0+19518+63aad52d.src.rpm-nodejs:20", 
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-2021.06-4.module+el9.3.0+19518+63aad52d.noarch.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.src.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", 
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-devel-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-docs-20.18.2-1.module+el9.5.0+22758+4ad2c198.noarch.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-20.18.2-1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.3.0.z+20478+84a9f781.noarch.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.3.0.z+20478+84a9f781.src.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.3.0+19518+63aad52d.noarch.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.3.0+19518+63aad52d.src.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-2021.06-4.module+el9.3.0+19518+63aad52d.noarch.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.aarch64.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.ppc64le.rpm-nodejs:20", 
"AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.s390x.rpm-nodejs:20", "AppStream-9.5.0.Z.MAIN:npm-10.8.2-1.20.18.2.1.module+el9.5.0+22758+4ad2c198.x86_64.rpm-nodejs:20" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap" } ] }
rhsa-2025:1613
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for the nodejs:22 module is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)\n\n* nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)\n\n* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2025:1613", "url": "https://access.redhat.com/errata/RHSA-2025:1613" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2339176", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176" }, { "category": "external", "summary": "2339392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392" }, { "category": "external", "summary": "2342618", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1613.json" } ], "title": "Red Hat Security Advisory: nodejs:22 security update", "tracking": { "current_release_date": "2025-10-03T21:08:18+00:00", "generator": { "date": "2025-10-03T21:08:18+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.9" } }, "id": "RHSA-2025:1613", "initial_release_date": "2025-02-17T19:21:42+00:00", "revision_history": [ { "date": "2025-02-17T19:21:42+00:00", "number": "1", "summary": "Initial version" }, { "date": "2025-02-17T19:21:42+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-10-03T21:08:18+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise 
Linux AppStream (v. 9)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:9::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22", "product": { "name": "nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.src.rpm (nodejs:22)", "product_id": "nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=src\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } }, { "category": "product_version", "name": "nodejs-nodemon-3.0.1-1.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22", "product": { "name": "nodejs-nodemon-3.0.1-1.module+el9.5.0+22763+17233acb.src.rpm (nodejs:22)", "product_id": "nodejs-nodemon-3.0.1-1.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=src\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } }, { "category": "product_version", "name": "nodejs-packaging-2021.06-4.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22", "product": { "name": "nodejs-packaging-2021.06-4.module+el9.5.0+22763+17233acb.src.rpm (nodejs:22)", "product_id": "nodejs-packaging-2021.06-4.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.5.0%2B22763%2B17233acb?arch=src\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "nodejs-docs-22.13.1-1.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "product": { "name": 
"nodejs-docs-22.13.1-1.module+el9.5.0+22763+17233acb.noarch.rpm (nodejs:22)", "product_id": "nodejs-docs-22.13.1-1.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-docs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } }, { "category": "product_version", "name": "nodejs-nodemon-3.0.1-1.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "product": { "name": "nodejs-nodemon-3.0.1-1.module+el9.5.0+22763+17233acb.noarch.rpm (nodejs:22)", "product_id": "nodejs-nodemon-3.0.1-1.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=noarch\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } }, { "category": "product_version", "name": "nodejs-packaging-2021.06-4.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "product": { "name": "nodejs-packaging-2021.06-4.module+el9.5.0+22763+17233acb.noarch.rpm (nodejs:22)", "product_id": "nodejs-packaging-2021.06-4.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel9.5.0%2B22763%2B17233acb?arch=noarch\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } }, { "category": "product_version", "name": "nodejs-packaging-bundler-2021.06-4.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "product": { "name": "nodejs-packaging-bundler-2021.06-4.module+el9.5.0+22763+17233acb.noarch.rpm (nodejs:22)", "product_id": "nodejs-packaging-bundler-2021.06-4.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel9.5.0%2B22763%2B17233acb?arch=noarch\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": 
"product_version", "name": "nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "product": { "name": "nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm (nodejs:22)", "product_id": "nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } }, { "category": "product_version", "name": "nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "product": { "name": "nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm (nodejs:22)", "product_id": "nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } }, { "category": "product_version", "name": "nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "product": { "name": "nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm (nodejs:22)", "product_id": "nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } }, { "category": "product_version", "name": "nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "product": { "name": "nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm (nodejs:22)", "product_id": "nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/nodejs-devel@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } }, { "category": "product_version", "name": "nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "product": { "name": "nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm (nodejs:22)", "product_id": "nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } }, { "category": "product_version", "name": "nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "product": { "name": "nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm (nodejs:22)", "product_id": "nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-libs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } }, { "category": "product_version", "name": "nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "product": { "name": "nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm (nodejs:22)", "product_id": "nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } }, { "category": "product_version", "name": "npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "product": { "name": "npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64.rpm (nodejs:22)", "product_id": 
"npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@10.9.2-1.22.13.1.1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } }, { "category": "product_version", "name": "v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "product": { "name": "v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64.rpm (nodejs:22)", "product_id": "v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.13.1.1.module%2Bel9.5.0%2B22763%2B17233acb?arch=aarch64\u0026epoch=3\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "product": { "name": "nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm (nodejs:22)", "product_id": "nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } }, { "category": "product_version", "name": "nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "product": { "name": "nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm (nodejs:22)", "product_id": "nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } }, { "category": "product_version", "name": 
"nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "product": { "name": "nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm (nodejs:22)", "product_id": "nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } }, { "category": "product_version", "name": "nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "product": { "name": "nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm (nodejs:22)", "product_id": "nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } }, { "category": "product_version", "name": "nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "product": { "name": "nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm (nodejs:22)", "product_id": "nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } }, { "category": "product_version", "name": "nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "product": { "name": "nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm (nodejs:22)", "product_id": "nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/nodejs-libs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } }, { "category": "product_version", "name": "nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "product": { "name": "nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm (nodejs:22)", "product_id": "nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } }, { "category": "product_version", "name": "npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "product": { "name": "npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le.rpm (nodejs:22)", "product_id": "npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@10.9.2-1.22.13.1.1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } }, { "category": "product_version", "name": "v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "product": { "name": "v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le.rpm (nodejs:22)", "product_id": "v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.13.1.1.module%2Bel9.5.0%2B22763%2B17233acb?arch=ppc64le\u0026epoch=3\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "product": { "name": 
"nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm (nodejs:22)", "product_id": "nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } }, { "category": "product_version", "name": "nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "product": { "name": "nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm (nodejs:22)", "product_id": "nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } }, { "category": "product_version", "name": "nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "product": { "name": "nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm (nodejs:22)", "product_id": "nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } }, { "category": "product_version", "name": "nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "product": { "name": "nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm (nodejs:22)", "product_id": "nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } }, { "category": "product_version", "name": 
"nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "product": { "name": "nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm (nodejs:22)", "product_id": "nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } }, { "category": "product_version", "name": "nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "product": { "name": "nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm (nodejs:22)", "product_id": "nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-libs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } }, { "category": "product_version", "name": "nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "product": { "name": "nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm (nodejs:22)", "product_id": "nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } }, { "category": "product_version", "name": "npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "product": { "name": "npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x.rpm (nodejs:22)", "product_id": "npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/npm@10.9.2-1.22.13.1.1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } }, { "category": "product_version", "name": "v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "product": { "name": "v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x.rpm (nodejs:22)", "product_id": "v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.13.1.1.module%2Bel9.5.0%2B22763%2B17233acb?arch=s390x\u0026epoch=3\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "product": { "name": "nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm (nodejs:22)", "product_id": "nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } }, { "category": "product_version", "name": "nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "product": { "name": "nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm (nodejs:22)", "product_id": "nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } }, { "category": "product_version", "name": "nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "product": { "name": 
"nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm (nodejs:22)", "product_id": "nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } }, { "category": "product_version", "name": "nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "product": { "name": "nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm (nodejs:22)", "product_id": "nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } }, { "category": "product_version", "name": "nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "product": { "name": "nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm (nodejs:22)", "product_id": "nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } }, { "category": "product_version", "name": "nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "product": { "name": "nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm (nodejs:22)", "product_id": "nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-libs@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } }, { "category": "product_version", "name": 
"nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "product": { "name": "nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm (nodejs:22)", "product_id": "nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-libs-debuginfo@22.13.1-1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } }, { "category": "product_version", "name": "npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "product": { "name": "npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64.rpm (nodejs:22)", "product_id": "npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@10.9.2-1.22.13.1.1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } }, { "category": "product_version", "name": "v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "product": { "name": "v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64.rpm (nodejs:22)", "product_id": "v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "product_identification_helper": { "purl": "pkg:rpm/redhat/v8-12.4-devel@12.4.254.21-1.22.13.1.1.module%2Bel9.5.0%2B22763%2B17233acb?arch=x86_64\u0026epoch=3\u0026rpmmod=nodejs:22:9050020250131131518:rhel9" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 
9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22" }, "product_reference": "nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22" }, "product_reference": "nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22" }, "product_reference": "nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.src.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22" }, "product_reference": "nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 
9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22" }, "product_reference": "nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22" }, "product_reference": "nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22" }, "product_reference": "nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22" }, "product_reference": "nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 
9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22" }, "product_reference": "nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22" }, "product_reference": "nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22" }, "product_reference": "nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22" }, "product_reference": "nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 
9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22" }, "product_reference": "nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22" }, "product_reference": "nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22" }, "product_reference": "nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22" }, "product_reference": "nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 
9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22" }, "product_reference": "nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-docs-22.13.1-1.module+el9.5.0+22763+17233acb.noarch.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-docs-22.13.1-1.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22" }, "product_reference": "nodejs-docs-22.13.1-1.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22" }, "product_reference": "nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22" }, "product_reference": "nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 
9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22" }, "product_reference": "nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22" }, "product_reference": "nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22" }, "product_reference": "nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22" }, "product_reference": "nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 
9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22" }, "product_reference": "nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22" }, "product_reference": "nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22" }, "product_reference": "nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22" }, "product_reference": "nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 
9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22" }, "product_reference": "nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22" }, "product_reference": "nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-3.0.1-1.module+el9.5.0+22763+17233acb.noarch.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22" }, "product_reference": "nodejs-nodemon-3.0.1-1.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-3.0.1-1.module+el9.5.0+22763+17233acb.src.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22" }, "product_reference": "nodejs-nodemon-3.0.1-1.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-2021.06-4.module+el9.5.0+22763+17233acb.noarch.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 
9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22" }, "product_reference": "nodejs-packaging-2021.06-4.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-2021.06-4.module+el9.5.0+22763+17233acb.src.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22" }, "product_reference": "nodejs-packaging-2021.06-4.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-bundler-2021.06-4.module+el9.5.0+22763+17233acb.noarch.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-2021.06-4.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22" }, "product_reference": "nodejs-packaging-bundler-2021.06-4.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22" }, "product_reference": "npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 
9)", "product_id": "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22" }, "product_reference": "npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22" }, "product_reference": "npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22" }, "product_reference": "npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22" }, "product_reference": "v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 
9)", "product_id": "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22" }, "product_reference": "v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22" }, "product_reference": "v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" }, { "category": "default_component_of", "full_product_name": { "name": "v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64.rpm (nodejs:22) as a component of Red Hat Enterprise Linux AppStream (v. 9)", "product_id": "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22" }, "product_reference": "v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "relates_to_product_reference": "AppStream-9.5.0.Z.MAIN" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-22150", "cwe": { "id": "CWE-330", "name": "Use of Insufficiently Random Values" }, "discovery_date": "2025-01-21T18:01:24.182126+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2339176" } ], "notes": [ { "category": "description", "text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. 
If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "title": "Vulnerability description" }, { "category": "summary", "text": "undici: Undici Uses Insufficiently Random Values", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", 
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-docs-22.13.1-1.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", 
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-2021.06-4.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-22150" }, { "category": "external", "summary": "RHBZ#2339176", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22150" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150" }, { "category": "external", "summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f", "url": 
"https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f" }, { "category": "external", "summary": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113", "url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113" }, { "category": "external", "summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0", "url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0" }, { "category": "external", "summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a", "url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a" }, { "category": "external", "summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385", "url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385" }, { "category": "external", "summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975", "url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975" }, { "category": "external", "summary": "https://hackerone.com/reports/2913312", "url": "https://hackerone.com/reports/2913312" } ], "release_date": "2025-01-21T17:46:58.872000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T19:21:42+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", 
"AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-docs-22.13.1-1.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", 
"AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-2021.06-4.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", 
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:1613" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", 
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-docs-22.13.1-1.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", 
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-2021.06-4.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undici: Undici Uses Insufficiently Random Values" }, { "cve": "CVE-2025-23083", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "discovery_date": "2025-01-22T02:00:43.830080+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2339392" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Node.js diagnostics_channel. 
This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is rated as an Important severity because the diagnostics_channel utility, allowing attackers to hook into events triggered when a worker thread is created. This not only exposes user-defined workers but also internal workers, enabling the attacker to retrieve instances and potentially capture and reinstate their constructors for malicious purposes.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", 
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-docs-22.13.1-1.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", 
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-2021.06-4.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-23083" }, { "category": "external", "summary": "RHBZ#2339392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-23083", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23083" }, { 
"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases", "url": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases" } ], "release_date": "2025-01-22T01:11:30.802000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T19:21:42+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", 
"AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-docs-22.13.1-1.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22", 
"AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-2021.06-4.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:1613" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", 
"AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-docs-22.13.1-1.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", 
"AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-2021.06-4.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", 
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel" }, { "cve": "CVE-2025-23085", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2025-01-28T17:23:01.915000+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2342618" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22", 
"AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-docs-22.13.1-1.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", 
"AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-2021.06-4.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", 
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-23085" }, { "category": "external", "summary": "RHBZ#2342618", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-23085", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23085" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085" } ], "release_date": "2025-01-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T19:21:42+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", 
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-docs-22.13.1-1.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", 
"AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-2021.06-4.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:1613" }, { "category": "workaround", "details": "There\u0027s no available mitigation for this issue other than updating to the package version which contains the fix.", "product_ids": [ "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", 
"AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-docs-22.13.1-1.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", 
"AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-2021.06-4.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", 
"AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", 
"AppStream-9.5.0.Z.MAIN:nodejs-debugsource-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-devel-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-docs-22.13.1-1.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-full-i18n-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-libs-debuginfo-22.13.1-1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", 
"AppStream-9.5.0.Z.MAIN:nodejs-nodemon-3.0.1-1.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-2021.06-4.module+el9.5.0+22763+17233acb.src.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:nodejs-packaging-bundler-2021.06-4.module+el9.5.0+22763+17233acb.noarch.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:npm-10.9.2-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.aarch64.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.ppc64le.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.s390x.rpm-nodejs:22", "AppStream-9.5.0.Z.MAIN:v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9.5.0+22763+17233acb.x86_64.rpm-nodejs:22" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap" } ] }
rhsa-2025:3368
Vulnerability from csaf_redhat
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated images are now available for Red Hat OpenShift AI.", "title": "Topic" }, { "category": "general", "text": "Release of RHOAI 2.16.0 provides these changes:", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2025:3368", "url": "https://access.redhat.com/errata/RHSA-2025:3368" }, { "category": "external", "summary": "https://docs.redhat.com/en/documentation/red_hat_openshift_ai/", "url": "https://docs.redhat.com/en/documentation/red_hat_openshift_ai/" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2024-21538", "url": "https://access.redhat.com/security/cve/CVE-2024-21538" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2024-45296", "url": "https://access.redhat.com/security/cve/CVE-2024-45296" }, { "category": "external", "summary": 
"https://access.redhat.com/security/cve/CVE-2024-45338", "url": "https://access.redhat.com/security/cve/CVE-2024-45338" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2024-45339", "url": "https://access.redhat.com/security/cve/CVE-2024-45339" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2024-52798", "url": "https://access.redhat.com/security/cve/CVE-2024-52798" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2024-55565", "url": "https://access.redhat.com/security/cve/CVE-2024-55565" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2024-56171", "url": "https://access.redhat.com/security/cve/CVE-2024-56171" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2024-56201", "url": "https://access.redhat.com/security/cve/CVE-2024-56201" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2025-22150", "url": "https://access.redhat.com/security/cve/CVE-2025-22150" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2025-24928", "url": "https://access.redhat.com/security/cve/CVE-2025-24928" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2025-26791", "url": "https://access.redhat.com/security/cve/CVE-2025-26791" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/", "url": "https://access.redhat.com/security/updates/classification/" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_3368.json" } ], "title": "Red Hat Security Advisory: RHOAI 2.16.0 - Red Hat OpenShift AI", "tracking": { "current_release_date": "2025-10-21T04:18:05+00:00", "generator": { "date": "2025-10-21T04:18:05+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.9" } }, "id": 
"RHSA-2025:3368", "initial_release_date": "2025-03-27T17:45:39+00:00", "revision_history": [ { "date": "2025-03-27T17:45:39+00:00", "number": "1", "summary": "Initial version" }, { "date": "2025-08-20T09:36:30+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-10-21T04:18:05+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift AI 2.16", "product": { "name": "Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_ai:2.16::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift AI" }, { "branches": [ { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64", "product_id": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-codeflare-operator-rhel8@sha256%3A8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742489156" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "product_id": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", 
"product_identification_helper": { "purl": "pkg:oci/odh-dashboard-rhel8@sha256%3A13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1741963152" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-data-science-pipelines-argo-argoexec-rhel8@sha256%3Aee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742851855" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256%3Ad7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742851855" } } }, { "category": "product_version", "name": 
"registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-data-science-pipelines-operator-controller-rhel8@sha256%3Aa0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742487380" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "product_id": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-kf-notebook-controller-rhel8@sha256%3A2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742487225" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64", "product_id": 
"registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-kuberay-operator-controller-rhel8@sha256%3A5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742487199" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64", "product_id": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-kueue-controller-rhel8@sha256%3A036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742569683" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64", "product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-ml-pipelines-api-server-v2-rhel8@sha256%3Abe47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742851679" } } }, { "category": "product_version", "name": 
"registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64", "product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-ml-pipelines-driver-rhel8@sha256%3A2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742851679" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64", "product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-ml-pipelines-launcher-rhel8@sha256%3A8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742851679" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64", "product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64", "product_identification_helper": { "purl": 
"pkg:oci/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256%3A96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742851679" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64", "product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256%3A52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742851679" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "product_id": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-mlmd-grpc-server-rhel8@sha256%3A5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742487039" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "product": { "name": 
"registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "product_id": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-mm-rest-proxy-rhel8@sha256%3Af738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1741882429" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "product_id": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-model-controller-rhel8@sha256%3A6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742480582" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "product_id": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-model-registry-operator-rhel8@sha256%3A22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742488678" } } }, { "category": 
"product_version", "name": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "product_id": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-model-registry-rhel8@sha256%3Ade5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742489233" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "product_id": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-modelmesh-runtime-adapter-rhel8@sha256%3A4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742488070" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "product_id": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "product_identification_helper": { 
"purl": "pkg:oci/odh-modelmesh-serving-controller-rhel8@sha256%3A11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742487789" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "product_id": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-modelmesh-rhel8@sha256%3Ac499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742490565" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "product_id": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-notebook-controller-rhel8@sha256%3A4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742487225" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64", "product_id": 
"registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-operator-bundle@sha256%3A0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742921697" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64", "product_id": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-rhel8-operator@sha256%3Ac11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.1-1742921168" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "product_id": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-training-operator-rhel8@sha256%3Ac8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742896493" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64", "product": { "name": 
"registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64", "product_id": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-trustyai-service-operator-rhel8@sha256%3A3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742891516" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64", "product_id": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-trustyai-service-rhel8@sha256%3A633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742487757" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64", "relates_to_product_reference": 
"Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64" }, "product_reference": 
"registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-21538", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2024-11-08T13:44:29.182678+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2324550" } ], "notes": [ { "category": "description", "text": "A Regular Expression Denial of Service (ReDoS) vulnerability was found in the cross-spawn package for Node.js. Due to improper input sanitization, an attacker can increase CPU usage and crash the program with a large, specially crafted string.", "title": "Vulnerability description" }, { "category": "summary", "text": "cross-spawn: regular expression denial of service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64" ], "known_not_affected": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-21538" }, { "category": "external", "summary": "RHBZ#2324550", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2324550" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21538", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21538" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21538", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21538" }, { "category": "external", "summary": "https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff", "url": "https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff" }, { "category": "external", "summary": "https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f", "url": "https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f" }, { "category": "external", "summary": "https://github.com/moxystudio/node-cross-spawn/pull/160", "url": "https://github.com/moxystudio/node-cross-spawn/pull/160" }, { "category": "external", "summary": "https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230", "url": "https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230" } ], "release_date": "2024-11-08T05:00:04.695000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-03-27T17:45:39+00:00", "details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/", "product_ids": [ "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:3368" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64", "Red 
Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "cross-spawn: regular expression denial of service" }, { "cve": "CVE-2024-45296", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2024-09-09T19:20:18.127723+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red 
Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red 
Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2310908" } ], "notes": [ { "category": "description", "text": "A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. 
In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).", "title": "Vulnerability description" }, { "category": "summary", "text": "path-to-regexp: Backtracking regular expressions cause ReDoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64" ], "known_not_affected": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64", "Red Hat 
OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-45296" }, { "category": "external", "summary": "RHBZ#2310908", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310908" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45296", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296" }, { "category": "external", "summary": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f", "url": 
"https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f" }, { "category": "external", "summary": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6", "url": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6" }, { "category": "external", "summary": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j", "url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j" } ], "release_date": "2024-09-09T19:15:13.330000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-03-27T17:45:39+00:00", "details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:3368" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "path-to-regexp: Backtracking regular expressions cause ReDoS" }, { "cve": "CVE-2024-45338", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2024-12-18T21:00:59.938173+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat 
OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2333122" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64" ], "known_not_affected": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-45338" }, { "category": "external", "summary": "RHBZ#2333122", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45338" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338" }, { "category": "external", "summary": "https://go.dev/cl/637536", "url": "https://go.dev/cl/637536" }, { "category": "external", "summary": "https://go.dev/issue/70906", "url": "https://go.dev/issue/70906" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ", "url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2024-3333", "url": "https://pkg.go.dev/vuln/GO-2024-3333" } ], "release_date": "2024-12-18T20:38:22.660000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-03-27T17:45:39+00:00", "details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:3368" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": 
"NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html" }, { "cve": "CVE-2024-45339", "cwe": { "id": "CWE-59", "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)" }, "discovery_date": "2025-01-28T02:00:48.029971+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2342463" } ], "notes": [ { "category": "description", "text": "A flaw was found in glog, a logging library. 
This vulnerability allows an unprivileged attacker to overwrite sensitive files via a symbolic link planted in a widely writable directory, exploiting the log file path predictability.", "title": "Vulnerability description" }, { "category": "summary", "text": "github.com/golang/glog: Vulnerability when creating log files in github.com/golang/glog", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64" ], "known_not_affected": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-45339" }, { "category": "external", "summary": "RHBZ#2342463", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342463" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45339", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45339" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45339", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45339" }, { "category": "external", "summary": "https://github.com/golang/glog/pull/74", "url": "https://github.com/golang/glog/pull/74" }, { "category": "external", "summary": 
"https://github.com/golang/glog/pull/74/commits/b8741656e406e66d6992bc2c9575e460ecaa0ec2", "url": "https://github.com/golang/glog/pull/74/commits/b8741656e406e66d6992bc2c9575e460ecaa0ec2" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/H-Q4ouHWyKs", "url": "https://groups.google.com/g/golang-announce/c/H-Q4ouHWyKs" }, { "category": "external", "summary": "https://owasp.org/www-community/vulnerabilities/Insecure_Temporary_File", "url": "https://owasp.org/www-community/vulnerabilities/Insecure_Temporary_File" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2025-3372", "url": "https://pkg.go.dev/vuln/GO-2025-3372" } ], "release_date": "2025-01-28T01:03:24.105000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-03-27T17:45:39+00:00", "details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:3368" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64", 
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "github.com/golang/glog: Vulnerability when creating log files in github.com/golang/glog" }, { "cve": "CVE-2024-52798", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2024-12-05T23:00:59.020167+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64", "Red Hat 
OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2330689" } ], "notes": [ { "category": "description", "text": "A flaw was found in path-to-regexp. A path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance.", "title": "Vulnerability description" }, { "category": "summary", "text": "path-to-regexp: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability exists because of an incomplete fix for CVE-2024-45296.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64" ], "known_not_affected": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat 
OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat 
OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-52798" }, { "category": "external", "summary": "RHBZ#2330689", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2330689" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-52798", "url": "https://www.cve.org/CVERecord?id=CVE-2024-52798" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-52798", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52798" }, { "category": "external", "summary": "https://github.com/pillarjs/path-to-regexp/commit/f01c26a013b1889f0c217c643964513acf17f6a4", "url": "https://github.com/pillarjs/path-to-regexp/commit/f01c26a013b1889f0c217c643964513acf17f6a4" }, { "category": "external", "summary": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-rhx6-c78j-4q9w", "url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-rhx6-c78j-4q9w" } ], "release_date": "2024-12-05T22:45:42.774000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-03-27T17:45:39+00:00", "details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:3368" }, { "category": "workaround", "details": "Avoid using two parameters within a single path segment when the separator is not, for example, /:a-:b. 
Alternatively, you can define the regex used for both parameters and ensure they do not overlap to allow backtracking.", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64", "Red 
Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "path-to-regexp: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x" }, { "cve": "CVE-2024-55565", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2024-12-09T02:00:45.255738+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat 
OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2331063" } ], "notes": [ { "category": "description", "text": "nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.", "title": "Vulnerability description" }, { "category": "summary", "text": "nanoid: nanoid mishandles non-integer values", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64" ], "known_not_affected": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-55565" }, { "category": "external", "summary": "RHBZ#2331063", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331063" }, { 
"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-55565", "url": "https://www.cve.org/CVERecord?id=CVE-2024-55565" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-55565", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55565" }, { "category": "external", "summary": "https://github.com/ai/nanoid/compare/3.3.7...3.3.8", "url": "https://github.com/ai/nanoid/compare/3.3.7...3.3.8" }, { "category": "external", "summary": "https://github.com/ai/nanoid/pull/510", "url": "https://github.com/ai/nanoid/pull/510" }, { "category": "external", "summary": "https://github.com/ai/nanoid/releases/tag/5.0.9", "url": "https://github.com/ai/nanoid/releases/tag/5.0.9" } ], "release_date": "2024-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-03-27T17:45:39+00:00", "details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:3368" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nanoid: nanoid mishandles non-integer values" }, { "cve": "CVE-2024-56171", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2025-02-18T23:01:25.366636+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2346416" } ], "notes": [ { "category": "description", "text": "A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: Use-After-Free in libxml2", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is rated as important because it involves a use-after-free flaw in the xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables functions. 
A maliciously crafted XML document or schema, containing specific identity constraints, can be used to trigger this vulnerability and potentially gain unauthorized access or cause a denial-of-service condition.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64" ], "known_not_affected": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-56171" }, { "category": "external", "summary": "RHBZ#2346416", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346416" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-56171", "url": "https://www.cve.org/CVERecord?id=CVE-2024-56171" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-56171", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56171" }, { "category": "external", "summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/828", "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/828" } ], "release_date": "2025-02-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-03-27T17:45:39+00:00", "details": "For Red Hat OpenShift AI 2.16.0 see the following 
documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:3368" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat 
OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "libxml2: Use-After-Free in libxml2" }, { "cve": "CVE-2024-56201", "cwe": { "id": "CWE-150", "name": "Improper Neutralization of Escape, Meta, or Control Sequences" }, "discovery_date": "2024-12-23T16:00:38.768252+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2333854" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jinja2 package. A bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of Jinja\u0027s sandbox being used. An attacker needs to be able to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications that execute untrusted templates where the template author can also choose the template filename.", "title": "Vulnerability description" }, { "category": "summary", "text": "jinja2: Jinja has a sandbox breakout through malicious filenames", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability has rated as a IMPORTANT flaw because an attacker controlling both the template content and filename to execute arbitrary Python code, bypassing the sandbox.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64" ], "known_not_affected": [ "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-56201" }, { "category": "external", "summary": "RHBZ#2333854", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333854" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-56201", "url": "https://www.cve.org/CVERecord?id=CVE-2024-56201" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-56201", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56201" }, { "category": "external", "summary": "https://github.com/pallets/jinja/commit/767b23617628419ae3709ccfb02f9602ae9fe51f", "url": "https://github.com/pallets/jinja/commit/767b23617628419ae3709ccfb02f9602ae9fe51f" }, { "category": "external", "summary": "https://github.com/pallets/jinja/issues/1792", "url": "https://github.com/pallets/jinja/issues/1792" }, { "category": "external", "summary": "https://github.com/pallets/jinja/releases/tag/3.1.5", "url": "https://github.com/pallets/jinja/releases/tag/3.1.5" }, { "category": "external", "summary": "https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699", "url": "https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699" } ], "release_date": "2024-12-23T15:37:36.110000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-03-27T17:45:39+00:00", "details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important 
instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:3368" }, { "category": "workaround", "details": "To mitigate this vulnerabilty restrict user-controlled template filenames, ensuring they follow a predefined templates.", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat 
OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jinja2: Jinja has a sandbox breakout through malicious filenames" }, { "cve": "CVE-2025-22150", "cwe": { "id": "CWE-330", "name": "Use of Insufficiently Random Values" }, "discovery_date": "2025-01-21T18:01:24.182126+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2339176" } ], "notes": [ { "category": "description", "text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. 
Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "title": "Vulnerability description" }, { "category": "summary", "text": "undici: Undici Uses Insufficiently Random Values", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64" ], "known_not_affected": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-22150" }, { "category": "external", "summary": "RHBZ#2339176", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22150" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150" }, { "category": "external", "summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f", "url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f" }, { "category": "external", "summary": 
"https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113", "url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113" }, { "category": "external", "summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0", "url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0" }, { "category": "external", "summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a", "url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a" }, { "category": "external", "summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385", "url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385" }, { "category": "external", "summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975", "url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975" }, { "category": "external", "summary": "https://hackerone.com/reports/2913312", "url": "https://hackerone.com/reports/2913312" } ], "release_date": "2025-01-21T17:46:58.872000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-03-27T17:45:39+00:00", "details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:3368" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": 
"NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64", "Red Hat 
OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undici: Undici Uses Insufficiently Random Values" }, { "cve": "CVE-2025-24928", "cwe": { "id": "CWE-121", "name": "Stack-based Buffer Overflow" }, "discovery_date": "2025-02-18T23:01:36.502916+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2346421" } ], "notes": [ { "category": "description", "text": "A flaw was found in libxml2. 
This vulnerability allows a stack-based buffer overflow via DTD validation of an untrusted document or untrusted DTD.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is rated as important because it involves a stack-based buffer overflow in the xmlSnprintfElements function within valid.c. Exploiting this issue requires DTD validation to occur on an untrusted document or untrusted DTD, making it a potential security risk for applications using libxml2 that do not adequately restrict DTD input.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64" ], "known_not_affected": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-24928" }, { "category": "external", "summary": "RHBZ#2346421", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346421" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-24928", "url": "https://www.cve.org/CVERecord?id=CVE-2025-24928" }, { 
"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-24928", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24928" }, { "category": "external", "summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/847", "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/847" }, { "category": "external", "summary": "https://issues.oss-fuzz.com/issues/392687022", "url": "https://issues.oss-fuzz.com/issues/392687022" } ], "release_date": "2025-02-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-03-27T17:45:39+00:00", "details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:3368" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2" }, { "cve": "CVE-2025-26791", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2025-02-14T09:00:45.578144+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2345695" } ], "notes": [ { "category": "description", "text": "A flaw was found in DOMPurify. 
This vulnerability allows attackers to execute mutation-based Cross-site scripting (mXSS) via an incorrect template literal regular expression.", "title": "Vulnerability description" }, { "category": "summary", "text": "dompurify: Mutation XSS in DOMPurify Due to Improper Template Literal Handling", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64" ], "known_not_affected": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-26791" }, { "category": "external", "summary": "RHBZ#2345695", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345695" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-26791", "url": "https://www.cve.org/CVERecord?id=CVE-2025-26791" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-26791", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26791" }, { "category": "external", "summary": "https://ensy.zip/posts/dompurify-323-bypass/", "url": "https://ensy.zip/posts/dompurify-323-bypass/" }, { "category": "external", "summary": 
"https://github.com/cure53/DOMPurify/commit/d18ffcb554e0001748865da03ac75dd7829f0f02", "url": "https://github.com/cure53/DOMPurify/commit/d18ffcb554e0001748865da03ac75dd7829f0f02" }, { "category": "external", "summary": "https://github.com/cure53/DOMPurify/releases/tag/3.2.4", "url": "https://github.com/cure53/DOMPurify/releases/tag/3.2.4" }, { "category": "external", "summary": "https://nsysean.github.io/posts/dompurify-323-bypass/", "url": "https://nsysean.github.io/posts/dompurify-323-bypass/" } ], "release_date": "2025-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-03-27T17:45:39+00:00", "details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:3368" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:8d78e6f1c302b1de6c45435a3d49c807fe5e4dbfe3e7a3d3ebfa0cac6318e79a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:5394cd240a8857906803affec711959da8b8da4e9a7225ddaefe9736c98949b4_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:036af0457f091059551ff63563d5cf68f062297a5630a869bbf3398d5e97ffdc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:be47d58f1943c5b4becc8cb541d9b0a53e6811451d9010c447b2c3e9b85c06c2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:2257fe7947959fd59346d2b322f7dbb471831880df659e57344b0d804c2c0099_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:8783f8aaed686a63ed1f913364c85606b1447540608f5b7f45412ff0868a4f38_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:96253b1b94bbaab87d4f8118dfee323eefebdc3734a7e01ebcf906dbc02a2a55_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:52613c18ed44062b6e5d5b748572dad624f773a83dbc7251ff87a807142e118a_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:0471c444b4e0c6da97abf7936fe3af89fca6abbd5dca8a31db141c47a9af99db_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:c11b8f601a8a0d5fb6719c4c10bf7438ba242cc33d60e035e4cb4b0ae3c19105_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:3dc803cd65232113ec9b0bd529a4c98bd86936e5de85cc4e9b7b1f361d4db38e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dompurify: Mutation XSS in DOMPurify Due to Improper Template Literal Handling" } ] }
rhsa-2025:1931
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat Developer Hub 1.4.2 has been released.", "title": "Topic" }, { "category": "general", "text": "Red Hat Developer Hub (RHDH) is Red Hat\u0027s enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2025:1931", "url": "https://access.redhat.com/errata/RHSA-2025:1931" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2025-22150", "url": "https://access.redhat.com/security/cve/CVE-2025-22150" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2024-30261", "url": "https://access.redhat.com/security/cve/CVE-2024-30261" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/", "url": "https://access.redhat.com/security/updates/classification/" }, { "category": "external", "summary": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh", "url": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh" }, { "category": "external", "summary": "https://developers.redhat.com/rhdh/overview", "url": "https://developers.redhat.com/rhdh/overview" }, { "category": "external", "summary": "https://docs.redhat.com/en/documentation/red_hat_developer_hub", "url": "https://docs.redhat.com/en/documentation/red_hat_developer_hub" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1931.json" } ], "title": "Red Hat Security Advisory: Red Hat Developer Hub 1.4.2 release.", "tracking": { "current_release_date": "2025-10-03T21:08:19+00:00", "generator": { "date": "2025-10-03T21:08:19+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.9" } }, "id": "RHSA-2025:1931", 
"initial_release_date": "2025-02-27T16:14:24+00:00", "revision_history": [ { "date": "2025-02-27T16:14:24+00:00", "number": "1", "summary": "Initial version" }, { "date": "2025-09-05T14:04:38+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-10-03T21:08:19+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Developer Hub (RHDH) 1.4", "product": { "name": "Red Hat Developer Hub (RHDH) 1.4", "product_id": "Red Hat Developer Hub (RHDH) 1.4", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhdh:1.4::el9" } } } ], "category": "product_family", "name": "Red Hat Developer Hub (RHDH)" }, { "branches": [ { "category": "product_version", "name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7_amd64", "product": { "name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7_amd64", "product_id": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7_amd64", "product_identification_helper": { "purl": "pkg:oci/rhdh-hub-rhel9@sha256%3A5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7?arch=amd64\u0026repository_url=registry.redhat.io/rhdh" } } }, { "category": "product_version", "name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef_amd64", "product": { "name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef_amd64", "product_id": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef_amd64", "product_identification_helper": { "purl": 
"pkg:oci/rhdh-rhel9-operator@sha256%3A8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef?arch=amd64\u0026repository_url=registry.redhat.io/rhdh" } } }, { "category": "product_version", "name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850_amd64", "product": { "name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850_amd64", "product_id": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850_amd64", "product_identification_helper": { "purl": "pkg:oci/rhdh-operator-bundle@sha256%3Ac3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850?arch=amd64\u0026repository_url=registry.redhat.io/rhdh" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7_amd64 as a component of Red Hat Developer Hub (RHDH) 1.4", "product_id": "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7_amd64" }, "product_reference": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7_amd64", "relates_to_product_reference": "Red Hat Developer Hub (RHDH) 1.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850_amd64 as a component of Red Hat Developer Hub (RHDH) 1.4", "product_id": "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850_amd64" }, 
"product_reference": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850_amd64", "relates_to_product_reference": "Red Hat Developer Hub (RHDH) 1.4" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef_amd64 as a component of Red Hat Developer Hub (RHDH) 1.4", "product_id": "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef_amd64" }, "product_reference": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef_amd64", "relates_to_product_reference": "Red Hat Developer Hub (RHDH) 1.4" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-30261", "cwe": { "id": "CWE-284", "name": "Improper Access Control" }, "discovery_date": "2024-04-04T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2273519" } ], "notes": [ { "category": "description", "text": "A flaw was found in the nodejs-undici package. 
This issue may allow an attacker to alter the integrity option passed to fetch(), allowing fetch() to accept requests as valid even if they have been tampered with.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs-undici: fetch() with integrity option is too lax when algorithm is specified but hash value is in incorrect", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7_amd64" ], "known_not_affected": [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-30261" }, { "category": "external", "summary": "RHBZ#2273519", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2273519" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-30261", "url": "https://www.cve.org/CVERecord?id=CVE-2024-30261" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30261", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30261" } ], "release_date": "2024-04-04T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-02-27T16:14:24+00:00", "details": "For more about Red Hat Developer Hub, see References links", "product_ids": [ "Red Hat Developer Hub (RHDH) 
1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:1931" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.6, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef_amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "nodejs-undici: fetch() with integrity option is too lax when 
algorithm is specified but hash value is in incorrect" }, { "cve": "CVE-2025-22150", "cwe": { "id": "CWE-330", "name": "Use of Insufficiently Random Values" }, "discovery_date": "2025-01-21T18:01:24.182126+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2339176" } ], "notes": [ { "category": "description", "text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. 
Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "title": "Vulnerability description" }, { "category": "summary", "text": "undici: Undici Uses Insufficiently Random Values", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7_amd64" ], "known_not_affected": [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-22150" }, { "category": "external", "summary": "RHBZ#2339176", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22150" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150" }, { "category": "external", "summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f", "url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f" }, { "category": "external", "summary": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113", "url": 
"https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113" }, { "category": "external", "summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0", "url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0" }, { "category": "external", "summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a", "url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a" }, { "category": "external", "summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385", "url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385" }, { "category": "external", "summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975", "url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975" }, { "category": "external", "summary": "https://hackerone.com/reports/2913312", "url": "https://hackerone.com/reports/2913312" } ], "release_date": "2025-01-21T17:46:58.872000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-02-27T16:14:24+00:00", "details": "For more about Red Hat Developer Hub, see References links", "product_ids": [ "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:1931" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Developer Hub (RHDH) 
1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:5eb109362246ccddd564febe6387bc6015d47555df00c36aa88c2247099851b7_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c3fcfee584652ee840c655ac4dd141743bafd5043865f20dd78116bc33e9e850_amd64", "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8de6cdad90f1afd72dbc6637a6a14bdeedc7b909654a3913c4f44e518d6b22ef_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undici: Undici Uses Insufficiently Random Values" } ] }
rhsa-2025:2588
Vulnerability from csaf_redhat
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated images are now available for Red Hat OpenShift AI.", "title": "Topic" }, { "category": "general", "text": "Release of RHOAI 2.18.0 provides these changes:", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2025:2588", "url": "https://access.redhat.com/errata/RHSA-2025:2588" }, { "category": "external", "summary": "https://docs.redhat.com/en/documentation/red_hat_openshift_ai/", "url": "https://docs.redhat.com/en/documentation/red_hat_openshift_ai/" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2024-11187", "url": "https://access.redhat.com/security/cve/CVE-2024-11187" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2025-24970", "url": "https://access.redhat.com/security/cve/CVE-2025-24970" }, { "category": "external", "summary": 
"https://access.redhat.com/security/cve/CVE-2024-45337", "url": "https://access.redhat.com/security/cve/CVE-2024-45337" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2024-45338", "url": "https://access.redhat.com/security/cve/CVE-2024-45338" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2025-22150", "url": "https://access.redhat.com/security/cve/CVE-2025-22150" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/", "url": "https://access.redhat.com/security/updates/classification/" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_2588.json" } ], "title": "Red Hat Security Advisory: RHOAI 2.18.0 - Red Hat OpenShift AI", "tracking": { "current_release_date": "2025-10-20T08:10:55+00:00", "generator": { "date": "2025-10-20T08:10:55+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.9" } }, "id": "RHSA-2025:2588", "initial_release_date": "2025-03-10T23:41:31+00:00", "revision_history": [ { "date": "2025-03-10T23:41:31+00:00", "number": "1", "summary": "Initial version" }, { "date": "2025-03-25T20:51:39+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-10-20T08:10:55+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift AI 2.18", "product": { "name": "Red Hat OpenShift AI 2.18", "product_id": "Red Hat OpenShift AI 2.18", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_ai:2.18::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift AI" }, { "branches": [ { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64", 
"product": { "name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64", "product_id": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-codeflare-operator-rhel8@sha256%3A4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740989833" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64", "product_id": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-dashboard-rhel8@sha256%3A31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740990297" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64", "product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64", "product_identification_helper": { "purl": 
"pkg:oci/odh-data-science-pipelines-argo-argoexec-rhel8@sha256%3Ab1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740989936" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64", "product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256%3A67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740989936" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64", "product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-data-science-pipelines-operator-controller-rhel8@sha256%3Aeaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740989646" } } }, { "category": "product_version", "name": 
"registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64", "product_id": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-kf-notebook-controller-rhel8@sha256%3A5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740989687" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64", "product_id": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-kuberay-operator-controller-rhel8@sha256%3A64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740989446" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64", "product_id": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64", "product_identification_helper": { "purl": 
"pkg:oci/odh-kueue-controller-rhel8@sha256%3A2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740989612" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64", "product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-ml-pipelines-api-server-v2-rhel8@sha256%3A287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1741002128" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64", "product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-ml-pipelines-driver-rhel8@sha256%3A95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1741001790" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64", "product": { "name": 
"registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64", "product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-ml-pipelines-launcher-rhel8@sha256%3Af28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740990379" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64", "product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256%3A0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740990313" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64", "product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64", "product_identification_helper": { "purl": 
"pkg:oci/odh-ml-pipelines-runtime-generic-rhel8@sha256%3A760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1741002323" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64", "product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256%3Adcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740990379" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64", "product_id": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-mlmd-grpc-server-rhel8@sha256%3A4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740989677" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64", "product": { "name": 
"registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64", "product_id": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-mm-rest-proxy-rhel8@sha256%3Aed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740989933" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64", "product_id": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-model-controller-rhel8@sha256%3A9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740989839" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64", "product_id": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-model-registry-operator-rhel8@sha256%3A25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740989698" } } }, { "category": 
"product_version", "name": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64", "product_id": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-model-registry-rhel8@sha256%3A710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740989704" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64", "product_id": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-modelmesh-runtime-adapter-rhel8@sha256%3A2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1741002425" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64", "product_id": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64", "product_identification_helper": { 
"purl": "pkg:oci/odh-modelmesh-serving-controller-rhel8@sha256%3Aeb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740989968" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64", "product_id": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-modelmesh-rhel8@sha256%3A04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740989471" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64", "product_id": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-notebook-controller-rhel8@sha256%3A983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740989687" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64", "product_id": 
"registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-operator-bundle@sha256%3A36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1741009551" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64", "product_id": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-rhel8-operator@sha256%3A4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1741008250" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64", "product_id": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-training-operator-rhel8@sha256%3A0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740990420" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64", "product": { "name": 
"registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64", "product_id": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-trustyai-service-operator-rhel8@sha256%3A81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1741001643" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64", "product_id": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-trustyai-service-rhel8@sha256%3A0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740989457" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le", "product": { "name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le", "product_id": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le", "product_identification_helper": { "purl": 
"pkg:oci/odh-dashboard-rhel8@sha256%3A42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c?arch=ppc64le\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740990297" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le", "product": { "name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le", "product_id": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odh-model-controller-rhel8@sha256%3A100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa?arch=ppc64le\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740989839" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le", "product": { "name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le", "product_id": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le", "product_identification_helper": { "purl": "pkg:oci/odh-rhel8-operator@sha256%3A71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f?arch=ppc64le\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1741008250" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x", "product": { "name": 
"registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x", "product_id": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x", "product_identification_helper": { "purl": "pkg:oci/odh-dashboard-rhel8@sha256%3Aef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4?arch=s390x\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740990297" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x", "product": { "name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x", "product_id": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x", "product_identification_helper": { "purl": "pkg:oci/odh-model-controller-rhel8@sha256%3A65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b?arch=s390x\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1740989839" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x", "product": { "name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x", "product_id": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x", "product_identification_helper": { "purl": "pkg:oci/odh-rhel8-operator@sha256%3Ad0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618?arch=s390x\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.18.0-1741008250" } } } ], "category": "architecture", "name": "s390x" } ], "category": "vendor", "name": "Red 
Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64 as a component of Red Hat OpenShift AI 2.18", "product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.18" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64 as a component of Red Hat OpenShift AI 2.18", "product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.18" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le as a component of Red Hat OpenShift AI 2.18", "product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le" }, "product_reference": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le", "relates_to_product_reference": "Red Hat OpenShift AI 2.18" }, { "category": "default_component_of", "full_product_name": { "name": 
"registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x as a component of Red Hat OpenShift AI 2.18", "product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x" }, "product_reference": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x", "relates_to_product_reference": "Red Hat OpenShift AI 2.18" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64 as a component of Red Hat OpenShift AI 2.18", "product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.18" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64 as a component of Red Hat OpenShift AI 2.18", "product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.18" }, { "category": 
"default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64 as a component of Red Hat OpenShift AI 2.18", "product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.18" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64 as a component of Red Hat OpenShift AI 2.18", "product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.18" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64 as a component of Red Hat OpenShift AI 2.18", "product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64", "relates_to_product_reference": 
"Red Hat OpenShift AI 2.18" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64 as a component of Red Hat OpenShift AI 2.18", "product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.18" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64 as a component of Red Hat OpenShift AI 2.18", "product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.18" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64 as a component of Red Hat OpenShift AI 2.18", "product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.18" }, { "category": 
"default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64 as a component of Red Hat OpenShift AI 2.18", "product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.18" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64 as a component of Red Hat OpenShift AI 2.18", "product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.18" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64 as a component of Red Hat OpenShift AI 2.18", "product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.18" }, 
{ "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64 as a component of Red Hat OpenShift AI 2.18", "product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.18" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64 as a component of Red Hat OpenShift AI 2.18", "product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.18" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64 as a component of Red Hat OpenShift AI 2.18", "product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.18" }, { "category": "default_component_of", 
"full_product_name": { "name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le as a component of Red Hat OpenShift AI 2.18", "product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le" }, "product_reference": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le", "relates_to_product_reference": "Red Hat OpenShift AI 2.18" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x as a component of Red Hat OpenShift AI 2.18", "product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x" }, "product_reference": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x", "relates_to_product_reference": "Red Hat OpenShift AI 2.18" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64 as a component of Red Hat OpenShift AI 2.18", "product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.18" }, { "category": "default_component_of", "full_product_name": { "name": 
"registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64 as a component of Red Hat OpenShift AI 2.18", "product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.18" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64 as a component of Red Hat OpenShift AI 2.18", "product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.18" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64 as a component of Red Hat OpenShift AI 2.18", "product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.18" }, { "category": "default_component_of", "full_product_name": { "name": 
"registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64 as a component of Red Hat OpenShift AI 2.18", "product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.18" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64 as a component of Red Hat OpenShift AI 2.18", "product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.18" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64 as a component of Red Hat OpenShift AI 2.18", "product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.18" }, { "category": "default_component_of", "full_product_name": { "name": 
"registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64 as a component of Red Hat OpenShift AI 2.18", "product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.18" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64 as a component of Red Hat OpenShift AI 2.18", "product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.18" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le as a component of Red Hat OpenShift AI 2.18", "product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le" }, "product_reference": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le", "relates_to_product_reference": "Red Hat OpenShift AI 2.18" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x as a component of Red Hat 
OpenShift AI 2.18", "product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x" }, "product_reference": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x", "relates_to_product_reference": "Red Hat OpenShift AI 2.18" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64 as a component of Red Hat OpenShift AI 2.18", "product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.18" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64 as a component of Red Hat OpenShift AI 2.18", "product_id": "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.18" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64 as a component of Red Hat OpenShift AI 2.18", "product_id": "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.18" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Toshifumi Sakaguchi" ] } ], "cve": "CVE-2024-11187", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2025-01-29T21:04:37.737000+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64", "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le", "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x", "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2342879" } ], "notes": [ { "category": "description", "text": "A flaw was found in the bind package where a crafted DNS zone may generate numerous records in the \u0027Additional\u0027 section of the response. This flaw allows an attacker to send a large amount of such queries, which may lead either the authoritative server or an independent resolver to run into an uncontrolled CPU resource scenario, ultimately resulting in the server not being able to attend new requests and causing a denial of service as a consequence.", "title": "Vulnerability description" }, { "category": "summary", "text": "bind: bind9: Many records in the additional section cause CPU exhaustion", "title": "Vulnerability summary" }, { "category": "other", "text": "The bind package as shipped by Red Hat does not by default set the option `minimal-responses yes;` in the configuration file.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64" ], "known_not_affected": [ "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64", "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64", "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64", "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-11187" }, { "category": "external", "summary": "RHBZ#2342879", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342879" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-11187", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11187" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-11187", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11187" } ], "release_date": "2025-01-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-03-10T23:41:31+00:00", "details": "For Red Hat OpenShift AI 2.18.0 see the following 
documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/", "product_ids": [ "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:2588" }, { "category": "workaround", "details": "Users can set the option `minimal-responses yes;` in the configuration file located at `/etc/named.conf` to mitigate this vulnerability.", "product_ids": [ "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64", "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le", "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x", "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64", "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64", "Red Hat 
OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le", "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "bind: bind9: Many records in the additional section cause CPU exhaustion" }, { "cve": "CVE-2024-45337", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2024-12-11T19:00:54.247490+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64", "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64", "Red Hat 
OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x", "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2331720" } ], "notes": [ { "category": "description", "text": "A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is classified as important rather than critical because it does not directly enable unauthorized access but rather introduces a risk of authorization bypass if the application or library misuses the PublicKeyCallback API. The vulnerability relies on incorrect assumptions made by the application when handling the sequence or state of keys provided during SSH authentication. Properly implemented systems that use the Permissions field or avoid relying on external state remain unaffected. 
Additionally, the vulnerability does not allow direct exploitation to gain control over a system without the presence of insecure logic in the application\u0027s handling of authentication attempts.\n\n\nRed Hat Enterprise Linux (RHEL) 8 \u0026 9 and Red Hat OpenShift are marked as not affected as it was determined that the problem function `ServerConfig.PublicKeyCallback`, as noted in the CVE-2024-45337 issue, is not called by Podman, Buildah, containers-common, or the gvisor-tap-vsock projects.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64" ], "known_not_affected": [ "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64", "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64", "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64", "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-45337" }, { "category": "external", "summary": "RHBZ#2331720", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45337", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45337" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337" }, { "category": "external", "summary": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909", "url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909" }, { "category": "external", "summary": "https://go.dev/cl/635315", "url": "https://go.dev/cl/635315" }, { "category": "external", "summary": "https://go.dev/issue/70779", "url": "https://go.dev/issue/70779" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ", "url": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ" }, { "category": "external", "summary": 
"https://pkg.go.dev/vuln/GO-2024-3321", "url": "https://pkg.go.dev/vuln/GO-2024-3321" } ], "release_date": "2024-12-11T18:55:58.506000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-03-10T23:41:31+00:00", "details": "For Red Hat OpenShift AI 2.18.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/", "product_ids": [ "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:2588" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64", "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x", "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto" }, { "cve": "CVE-2024-45338", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2024-12-18T21:00:59.938173+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le", "Red Hat 
OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64", "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2333122" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. 
This issue can cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64" ], "known_not_affected": [ "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x", "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-45338" }, { "category": "external", "summary": "RHBZ#2333122", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45338" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338" }, { "category": "external", "summary": "https://go.dev/cl/637536", "url": "https://go.dev/cl/637536" }, { "category": "external", "summary": "https://go.dev/issue/70906", "url": "https://go.dev/issue/70906" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ", "url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2024-3333", "url": "https://pkg.go.dev/vuln/GO-2024-3333" } ], "release_date": "2024-12-18T20:38:22.660000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-03-10T23:41:31+00:00", "details": 
"For Red Hat OpenShift AI 2.18.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/", "product_ids": [ "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:2588" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64", "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html" }, { "cve": "CVE-2025-22150", "cwe": { "id": "CWE-330", "name": "Use of Insufficiently Random Values" }, "discovery_date": "2025-01-21T18:01:24.182126+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64", "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64", "Red Hat 
OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le", "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2339176" } ], "notes": [ { "category": "description", "text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. 
Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "title": "Vulnerability description" }, { "category": "summary", "text": "undici: Undici Uses Insufficiently Random Values", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x" ], "known_not_affected": [ "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64", "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x", "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64", "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-22150" }, { "category": "external", "summary": "RHBZ#2339176", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22150" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150" }, { "category": "external", "summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f", "url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f" }, { "category": "external", "summary": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113", "url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113" }, { "category": "external", "summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0", "url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0" }, { "category": "external", "summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a", "url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a" }, { "category": "external", "summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385", "url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385" }, { "category": "external", 
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975", "url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975" }, { "category": "external", "summary": "https://hackerone.com/reports/2913312", "url": "https://hackerone.com/reports/2913312" } ], "release_date": "2025-01-21T17:46:58.872000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-03-10T23:41:31+00:00", "details": "For Red Hat OpenShift AI 2.18.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/", "product_ids": [ "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:2588" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64", "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64", "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64", "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undici: Undici Uses Insufficiently Random Values" }, { "cve": "CVE-2025-24970", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2025-02-10T23:00:52.785132+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64", "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64", "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64", "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2344787" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty\u0027s SslHandler. This vulnerability allows a native crash via a specially crafted packet that bypasses proper validation.", "title": "Vulnerability description" }, { "category": "summary", "text": "io.netty:netty-handler: SslHandler doesn\u0027t correctly validate packets which can lead to native crash when using native SSLEngine", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability in Netty\u0027s SslHandler is of important severity rather than moderate because it directly impacts the stability and reliability of applications using native SSLEngine. 
By sending a specially crafted packet, an attacker can trigger a native crash, leading to a complete process termination. Unlike typical moderate vulnerabilities that might cause limited disruptions or require specific conditions, this flaw can be exploited remotely to induce a Denial of Service (DoS), affecting high-availability systems and mission-critical services.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64" ], "known_not_affected": [ "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64", "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64", "Red Hat 
OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x", "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-24970" }, { "category": "external", "summary": "RHBZ#2344787", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344787" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-24970", "url": "https://www.cve.org/CVERecord?id=CVE-2025-24970" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-24970", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24970" }, { "category": "external", "summary": "https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4", "url": "https://github.com/netty/netty/commit/87f40725155b2f89adfde68c7732f97c153676c4" }, { "category": "external", "summary": "https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw", "url": "https://github.com/netty/netty/security/advisories/GHSA-4g8c-wm8x-jfhw" } ], "release_date": "2025-02-10T21:57:28.730000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-03-10T23:41:31+00:00", "details": "For Red Hat OpenShift AI 2.18.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/", "product_ids": [ "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:2588" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64", "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x", "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64", "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:4ddd68b7833330823dff7bdd37dae624ef48c68b1f9b35b69af7f39689ceedd6_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:31339f9880eb772739b95373c38b3fd556d7c0979b6e794210eee42bbb15759a_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:42526b0ea74edbc1cd68f5653079508ff70a77b4281d179af49912a55d226a5c_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:ef8fd37f0423adfec391e110feffb0e615e8296c3d16af987adb04de9b8a0ac4_s390x", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:b1c71db1615b364eedc4166dc3fe8138f935983870c2b840bba7521fdd9b745e_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:67de22353f12e748992dc4b762eb3818e63c55fc414537b2acdc9a536f9ad308_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:eaf44292b49dd52e42f10648be2b998b497183ba1cfa8dfbdde8d2b9392ad065_amd64", "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:5651949ff49477283133761f3b2c8007c1ecdef89d54514e136930d7904d38ec_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:64f3e5ed9b8cb87a2d6ceb3be86b3b0cf1289ccd4e709f87949c9ee620184709_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:2672bd37627f53a8f28a6cfd9ce42db7a25502ca455813cfa7b2c5c92401f0b3_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:287704b24ff3d632aa8cbee0ceee0ba243f2cc09362ed70edcf572b57789e456_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:95f4ad494fb1aba684d2da895a39e22218b5f5783e4733f8a415a0d8742beff6_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:f28aba8fda7e02baa7030cfd88ac9d29eeef587c16debc312b0bc2e0ad2960c2_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:0e53cf167b70c6e284a74a85e6b709d9195fb9ba1209ac9d5755dc67cf85dd1b_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-runtime-generic-rhel8@sha256:760de4b090ac300c5c274393eac2dc844b06c188bb0021d28e0a2804898c86a0_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:dcc7e9a622bb840324d6e908d57280980d4b5809230100643df599130448d82a_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:4a1c59d444c310b2228a402e1d87db1bc0183b814da39fa3bc815a35225ccaa2_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:ed9f12ed2e4396a6ef767407fc64a1bc628e2982c49129a696469dfd2394bf0d_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:100b591b606ac1a0f2ff57fec52d39b82e77e14c2deca8c7bb39f20ec4447efa_ppc64le", "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:65f0e92df67c6e2d90e4d9daf16e559e643a67526ac3176af23a2c8a24f6437b_s390x", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:9e2fe03b12ca8b1022e0b1fc94153450865a5d1ecaa603442bb81a3e5ef66c93_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:25ad0bbadc6eef1ac13171ec7ef359d661953d91afb65218941dee922fb8c129_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:710c5ded6499b064418f430d2b021b9beb8e18bef9e82c5b510a8d7697d8ac15_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:04d62024187975226ca859477d3d14c06a82aa94d6859440e1eeea8b7105b4e5_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:2d4636ad760ea3a2ef2e85af2b4f2095d61c56c3fd367503bd9fadda74835e7e_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:eb6684bcaa91f9c7563722cdf6267f17f8c9eceaeef8ee700bb5e7c9ae003a21_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:983a366325b87f642a0c4e4d3f6939f6ac615d6f26787fca10cb088302d3f60b_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-operator-bundle@sha256:36cb2436f653ee229bfde6f198c2efc433497b93f4a5dca91f306bb3b7ab3e11_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:4117d1b964cf7a90addb2b736a2008033ca375aea749621caa770518b5f3f9c1_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:71d7a8c4177f36474b6cb51c9b9c0fc4d001aea087aa73d29ca4d4cac9a1c24f_ppc64le", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:d0129f3de2e90ebfd70afd23183c0d2c57a903d332ea0eb185e06458cb517618_s390x", "Red Hat OpenShift AI 
2.18:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:0a75ac726d1a35690d4f1dddc06a1473ebd563a032c8d08afbfa4d05aa5cc26e_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:81e6e6a9b88829a6c297238b031272b22d7c7b7c63b97556311f123f59d1ac00_amd64", "Red Hat OpenShift AI 2.18:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:0820738e7b33b1dc25a9589b7cf0f9cb37e1c7d2a9fa51544ae56783a161b822_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "io.netty:netty-handler: SslHandler doesn\u0027t correctly validate packets which can lead to native crash when using native SSLEngine" } ] }
rhsa-2025:3397
Vulnerability from csaf_redhat
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated images are now available for Red Hat OpenShift AI.", "title": "Topic" }, { "category": "general", "text": "Release of RHOAI 2.16.0 provides these changes:", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2025:3397", "url": "https://access.redhat.com/errata/RHSA-2025:3397" }, { "category": "external", "summary": "https://docs.redhat.com/en/documentation/red_hat_openshift_ai/", "url": "https://docs.redhat.com/en/documentation/red_hat_openshift_ai/" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2024-21538", "url": "https://access.redhat.com/security/cve/CVE-2024-21538" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2024-45296", "url": "https://access.redhat.com/security/cve/CVE-2024-45296" }, { "category": "external", "summary": 
"https://access.redhat.com/security/cve/CVE-2024-45338", "url": "https://access.redhat.com/security/cve/CVE-2024-45338" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2024-45339", "url": "https://access.redhat.com/security/cve/CVE-2024-45339" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2024-52798", "url": "https://access.redhat.com/security/cve/CVE-2024-52798" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2024-55565", "url": "https://access.redhat.com/security/cve/CVE-2024-55565" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2024-56171", "url": "https://access.redhat.com/security/cve/CVE-2024-56171" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2024-56201", "url": "https://access.redhat.com/security/cve/CVE-2024-56201" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2025-22150", "url": "https://access.redhat.com/security/cve/CVE-2025-22150" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2025-24928", "url": "https://access.redhat.com/security/cve/CVE-2025-24928" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2025-26791", "url": "https://access.redhat.com/security/cve/CVE-2025-26791" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/", "url": "https://access.redhat.com/security/updates/classification/" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_3397.json" } ], "title": "Red Hat Security Advisory: RHOAI 2.16.0 - Red Hat OpenShift AI", "tracking": { "current_release_date": "2025-10-21T04:18:06+00:00", "generator": { "date": "2025-10-21T04:18:06+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.9" } }, "id": 
"RHSA-2025:3397", "initial_release_date": "2025-03-31T08:04:43+00:00", "revision_history": [ { "date": "2025-03-31T08:04:43+00:00", "number": "1", "summary": "Initial version" }, { "date": "2025-08-20T09:36:30+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-10-21T04:18:06+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift AI 2.16", "product": { "name": "Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_ai:2.16::el8" } } } ], "category": "product_family", "name": "Red Hat OpenShift AI" }, { "branches": [ { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64", "product_id": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-codeflare-operator-rhel8@sha256%3A04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1743007500" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "product_id": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", 
"product_identification_helper": { "purl": "pkg:oci/odh-dashboard-rhel8@sha256%3A13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1741963152" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-data-science-pipelines-argo-argoexec-rhel8@sha256%3Aee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742851855" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256%3Ad7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742851855" } } }, { "category": "product_version", "name": 
"registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "product_id": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-data-science-pipelines-operator-controller-rhel8@sha256%3Aa0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742487380" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "product_id": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-kf-notebook-controller-rhel8@sha256%3A2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742487225" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64", "product_id": 
"registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-kuberay-operator-controller-rhel8@sha256%3A65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1743007122" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64", "product_id": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-kueue-controller-rhel8@sha256%3A7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1743007660" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64", "product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-ml-pipelines-api-server-v2-rhel8@sha256%3A23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1743008335" } } }, { "category": "product_version", "name": 
"registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64", "product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-ml-pipelines-driver-rhel8@sha256%3Aefd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1743008335" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64", "product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-ml-pipelines-launcher-rhel8@sha256%3A27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1743008335" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64", "product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64", "product_identification_helper": { "purl": 
"pkg:oci/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256%3A5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1743008335" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64", "product_id": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256%3A4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1743008335" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "product_id": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-mlmd-grpc-server-rhel8@sha256%3A5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742487039" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "product": { "name": 
"registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "product_id": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-mm-rest-proxy-rhel8@sha256%3Af738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1741882429" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "product_id": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-model-controller-rhel8@sha256%3A6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742480582" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "product_id": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-model-registry-operator-rhel8@sha256%3A22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742488678" } } }, { "category": 
"product_version", "name": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "product_id": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-model-registry-rhel8@sha256%3Ade5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742489233" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "product_id": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-modelmesh-runtime-adapter-rhel8@sha256%3A4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742488070" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "product_id": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "product_identification_helper": { 
"purl": "pkg:oci/odh-modelmesh-serving-controller-rhel8@sha256%3A11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742487789" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "product_id": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-modelmesh-rhel8@sha256%3Ac499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742490565" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "product_id": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-notebook-controller-rhel8@sha256%3A4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742487225" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64", "product_id": 
"registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-operator-bundle@sha256%3Ac249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1743106241" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64", "product_id": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-rhel8-operator@sha256%3A3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1743105405" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "product_id": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-training-operator-rhel8@sha256%3Ac8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742896493" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64", "product": { "name": 
"registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64", "product_id": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-trustyai-service-operator-rhel8@sha256%3Af37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742982653" } } }, { "category": "product_version", "name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64", "product": { "name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64", "product_id": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64", "product_identification_helper": { "purl": "pkg:oci/odh-trustyai-service-rhel8@sha256%3A633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be?arch=amd64\u0026repository_url=registry.redhat.io/rhoai\u0026tag=v2.16.2-1742487757" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64", "relates_to_product_reference": 
"Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64" }, "product_reference": 
"registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64 as a component of Red Hat OpenShift AI 2.16", "product_id": "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" }, "product_reference": "registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64", "relates_to_product_reference": "Red Hat OpenShift AI 2.16" } ] }, "vulnerabilities": [ { "cve": "CVE-2024-21538", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2024-11-08T13:44:29.182678+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2324550" } ], "notes": [ { "category": "description", "text": "A Regular Expression Denial of Service (ReDoS) vulnerability was found in the cross-spawn package for Node.js. Due to improper input sanitization, an attacker can increase CPU usage and crash the program with a large, specially crafted string.", "title": "Vulnerability description" }, { "category": "summary", "text": "cross-spawn: regular expression denial of service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64" ], "known_not_affected": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-21538" }, { "category": "external", "summary": "RHBZ#2324550", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2324550" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-21538", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21538" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21538", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21538" }, { "category": "external", "summary": "https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff", "url": "https://github.com/moxystudio/node-cross-spawn/commit/5ff3a07d9add449021d806e45c4168203aa833ff" }, { "category": "external", "summary": "https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f", "url": "https://github.com/moxystudio/node-cross-spawn/commit/640d391fde65388548601d95abedccc12943374f" }, { "category": "external", "summary": "https://github.com/moxystudio/node-cross-spawn/pull/160", "url": "https://github.com/moxystudio/node-cross-spawn/pull/160" }, { "category": "external", "summary": "https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230", "url": "https://security.snyk.io/vuln/SNYK-JS-CROSSSPAWN-8303230" } ], "release_date": "2024-11-08T05:00:04.695000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-03-31T08:04:43+00:00", "details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/", "product_ids": [ "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:3397" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64", "Red 
Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "cross-spawn: regular expression denial of service" }, { "cve": "CVE-2024-45296", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2024-09-09T19:20:18.127723+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red 
Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red 
Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2310908" } ], "notes": [ { "category": "description", "text": "A flaw was found in path-to-regexp package, where it turns path strings into regular expressions. 
In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event loop and lead to a denial of service (DoS).", "title": "Vulnerability description" }, { "category": "summary", "text": "path-to-regexp: Backtracking regular expressions cause ReDoS", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64" ], "known_not_affected": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64", "Red Hat 
OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-45296" }, { "category": "external", "summary": "RHBZ#2310908", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310908" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45296", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45296" }, { "category": "external", "summary": "https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f", "url": 
"https://github.com/pillarjs/path-to-regexp/commit/29b96b4a1de52824e1ca0f49a701183cc4ed476f" }, { "category": "external", "summary": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6", "url": "https://github.com/pillarjs/path-to-regexp/commit/60f2121e9b66b7b622cc01080df0aabda9eedee6" }, { "category": "external", "summary": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j", "url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-9wv6-86v2-598j" } ], "release_date": "2024-09-09T19:15:13.330000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-03-31T08:04:43+00:00", "details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:3397" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "path-to-regexp: Backtracking regular expressions cause ReDoS" }, { "cve": "CVE-2024-45338", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2024-12-18T21:00:59.938173+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat 
OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2333122" } ], "notes": [ { "category": "description", "text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64" ], "known_not_affected": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-45338" }, { "category": "external", "summary": "RHBZ#2333122", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45338" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338" }, { "category": "external", "summary": "https://go.dev/cl/637536", "url": "https://go.dev/cl/637536" }, { "category": "external", "summary": "https://go.dev/issue/70906", "url": "https://go.dev/issue/70906" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ", "url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2024-3333", "url": "https://pkg.go.dev/vuln/GO-2024-3333" } ], "release_date": "2024-12-18T20:38:22.660000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-03-31T08:04:43+00:00", "details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:3397" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": 
"NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html" }, { "cve": "CVE-2024-45339", "cwe": { "id": "CWE-59", "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)" }, "discovery_date": "2025-01-28T02:00:48.029971+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2342463" } ], "notes": [ { "category": "description", "text": "A flaw was found in glog, a logging library. 
This vulnerability allows an unprivileged attacker to overwrite sensitive files via a symbolic link planted in a widely writable directory, exploiting the log file path predictability.", "title": "Vulnerability description" }, { "category": "summary", "text": "github.com/golang/glog: Vulnerability when creating log files in github.com/golang/glog", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64" ], "known_not_affected": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-45339" }, { "category": "external", "summary": "RHBZ#2342463", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342463" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45339", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45339" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45339", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45339" }, { "category": "external", "summary": "https://github.com/golang/glog/pull/74", "url": "https://github.com/golang/glog/pull/74" }, { "category": "external", "summary": 
"https://github.com/golang/glog/pull/74/commits/b8741656e406e66d6992bc2c9575e460ecaa0ec2", "url": "https://github.com/golang/glog/pull/74/commits/b8741656e406e66d6992bc2c9575e460ecaa0ec2" }, { "category": "external", "summary": "https://groups.google.com/g/golang-announce/c/H-Q4ouHWyKs", "url": "https://groups.google.com/g/golang-announce/c/H-Q4ouHWyKs" }, { "category": "external", "summary": "https://owasp.org/www-community/vulnerabilities/Insecure_Temporary_File", "url": "https://owasp.org/www-community/vulnerabilities/Insecure_Temporary_File" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2025-3372", "url": "https://pkg.go.dev/vuln/GO-2025-3372" } ], "release_date": "2025-01-28T01:03:24.105000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-03-31T08:04:43+00:00", "details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:3397" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64", 
"Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "github.com/golang/glog: Vulnerability when creating log files in github.com/golang/glog" }, { "cve": "CVE-2024-52798", "cwe": { "id": "CWE-1333", "name": "Inefficient Regular Expression Complexity" }, "discovery_date": "2024-12-05T23:00:59.020167+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64", "Red Hat 
OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2330689" } ], "notes": [ { "category": "description", "text": "A flaw was found in path-to-regexp. A path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance.", "title": "Vulnerability description" }, { "category": "summary", "text": "path-to-regexp: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability exists because of an incomplete fix for CVE-2024-45296.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64" ], "known_not_affected": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat 
OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-52798" }, { "category": "external", "summary": "RHBZ#2330689", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2330689" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-52798", "url": "https://www.cve.org/CVERecord?id=CVE-2024-52798" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-52798", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52798" }, { "category": "external", "summary": "https://github.com/pillarjs/path-to-regexp/commit/f01c26a013b1889f0c217c643964513acf17f6a4", "url": "https://github.com/pillarjs/path-to-regexp/commit/f01c26a013b1889f0c217c643964513acf17f6a4" }, { "category": "external", "summary": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-rhx6-c78j-4q9w", "url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-rhx6-c78j-4q9w" } ], "release_date": "2024-12-05T22:45:42.774000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-03-31T08:04:43+00:00", "details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:3397" }, { "category": "workaround", "details": "Avoid using two parameters within a single path segment when the separator is not, for example, /:a-:b. 
Alternatively, you can define the regex used for both parameters and ensure they do not overlap to allow backtracking.", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64", "Red 
Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "path-to-regexp: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x" }, { "cve": "CVE-2024-55565", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2024-12-09T02:00:45.255738+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat 
OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2331063" } ], "notes": [ { "category": "description", "text": "nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.", "title": "Vulnerability description" }, { "category": "summary", "text": "nanoid: nanoid mishandles non-integer values", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64" ], "known_not_affected": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-55565" }, { "category": "external", "summary": "RHBZ#2331063", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331063" }, { 
"category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-55565", "url": "https://www.cve.org/CVERecord?id=CVE-2024-55565" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-55565", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55565" }, { "category": "external", "summary": "https://github.com/ai/nanoid/compare/3.3.7...3.3.8", "url": "https://github.com/ai/nanoid/compare/3.3.7...3.3.8" }, { "category": "external", "summary": "https://github.com/ai/nanoid/pull/510", "url": "https://github.com/ai/nanoid/pull/510" }, { "category": "external", "summary": "https://github.com/ai/nanoid/releases/tag/5.0.9", "url": "https://github.com/ai/nanoid/releases/tag/5.0.9" } ], "release_date": "2024-12-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-03-31T08:04:43+00:00", "details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:3397" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nanoid: nanoid mishandles non-integer values" }, { "cve": "CVE-2024-56171", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2025-02-18T23:01:25.366636+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2346416" } ], "notes": [ { "category": "description", "text": "A flaw was found in libxml2. This vulnerability allows a use-after-free via a crafted XML document validated against an XML schema with certain identity constraints or a crafted XML schema.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: Use-After-Free in libxml2", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is rated as important because it involves a use-after-free flaw in the xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables functions. 
A maliciously crafted XML document or schema, containing specific identity constraints, can be used to trigger this vulnerability and potentially gain unauthorized access or cause a denial-of-service condition.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64" ], "known_not_affected": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-56171" }, { "category": "external", "summary": "RHBZ#2346416", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346416" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-56171", "url": "https://www.cve.org/CVERecord?id=CVE-2024-56171" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-56171", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56171" }, { "category": "external", "summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/828", "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/828" } ], "release_date": "2025-02-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-03-31T08:04:43+00:00", "details": "For Red Hat OpenShift AI 2.16.0 see the following 
documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:3397" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat 
OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "libxml2: Use-After-Free in libxml2" }, { "cve": "CVE-2024-56201", "cwe": { "id": "CWE-150", "name": "Improper Neutralization of Escape, Meta, or Control Sequences" }, "discovery_date": "2024-12-23T16:00:38.768252+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2333854" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Jinja2 package. A bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of Jinja\u0027s sandbox being used. An attacker needs to be able to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications that execute untrusted templates where the template author can also choose the template filename.", "title": "Vulnerability description" }, { "category": "summary", "text": "jinja2: Jinja has a sandbox breakout through malicious filenames", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is rated as an IMPORTANT flaw because an attacker controlling both the template content and filename can execute arbitrary Python code, bypassing the sandbox.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64" ], "known_not_affected": [ "Red Hat OpenShift AI
2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-56201" }, { "category": "external", "summary": "RHBZ#2333854", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333854" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-56201", "url": "https://www.cve.org/CVERecord?id=CVE-2024-56201" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-56201", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56201" }, { "category": "external", "summary": "https://github.com/pallets/jinja/commit/767b23617628419ae3709ccfb02f9602ae9fe51f", "url": "https://github.com/pallets/jinja/commit/767b23617628419ae3709ccfb02f9602ae9fe51f" }, { "category": "external", "summary": "https://github.com/pallets/jinja/issues/1792", "url": "https://github.com/pallets/jinja/issues/1792" }, { "category": "external", "summary": "https://github.com/pallets/jinja/releases/tag/3.1.5", "url": "https://github.com/pallets/jinja/releases/tag/3.1.5" }, { "category": "external", "summary": "https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699", "url": "https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699" } ], "release_date": "2024-12-23T15:37:36.110000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-03-31T08:04:43+00:00", "details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important 
instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:3397" }, { "category": "workaround", "details": "To mitigate this vulnerability, restrict user-controlled template filenames, ensuring they follow predefined templates.", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat 
OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jinja2: Jinja has a sandbox breakout through malicious filenames" }, { "cve": "CVE-2025-22150", "cwe": { "id": "CWE-330", "name": "Use of Insufficiently Random Values" }, "discovery_date": "2025-01-21T18:01:24.182126+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2339176" } ], "notes": [ { "category": "description", "text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. 
Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "title": "Vulnerability description" }, { "category": "summary", "text": "undici: Undici Uses Insufficiently Random Values", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64" ], "known_not_affected": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-22150" }, { "category": "external", "summary": "RHBZ#2339176", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22150" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150" }, { "category": "external", "summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f", "url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f" }, { "category": "external", "summary": 
"https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113", "url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113" }, { "category": "external", "summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0", "url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0" }, { "category": "external", "summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a", "url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a" }, { "category": "external", "summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385", "url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385" }, { "category": "external", "summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975", "url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975" }, { "category": "external", "summary": "https://hackerone.com/reports/2913312", "url": "https://hackerone.com/reports/2913312" } ], "release_date": "2025-01-21T17:46:58.872000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-03-31T08:04:43+00:00", "details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:3397" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": 
"NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64", "Red Hat 
OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undici: Undici Uses Insufficiently Random Values" }, { "cve": "CVE-2025-24928", "cwe": { "id": "CWE-121", "name": "Stack-based Buffer Overflow" }, "discovery_date": "2025-02-18T23:01:36.502916+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2346421" } ], "notes": [ { "category": "description", "text": "A flaw was found in libxml2. 
This vulnerability allows a stack-based buffer overflow via DTD validation of an untrusted document or untrusted DTD.", "title": "Vulnerability description" }, { "category": "summary", "text": "libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is rated as important because it involves a stack-based buffer overflow in the xmlSnprintfElements function within valid.c. Exploiting this issue requires DTD validation to occur on an untrusted document or untrusted DTD, making it a potential security risk for applications using libxml2 that do not adequately restrict DTD input.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64" ], "known_not_affected": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-24928" }, { "category": "external", "summary": "RHBZ#2346421", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2346421" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-24928", "url": "https://www.cve.org/CVERecord?id=CVE-2025-24928" }, { 
"category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-24928", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24928" }, { "category": "external", "summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/847", "url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/847" }, { "category": "external", "summary": "https://issues.oss-fuzz.com/issues/392687022", "url": "https://issues.oss-fuzz.com/issues/392687022" } ], "release_date": "2025-02-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-03-31T08:04:43+00:00", "details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:3397" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "libxml2: Stack-based buffer overflow in xmlSnprintfElements of libxml2" }, { "cve": "CVE-2025-26791", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2025-02-14T09:00:45.578144+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2345695" } ], "notes": [ { "category": "description", "text": "A flaw was found in DOMPurify. 
This vulnerability allows attackers to execute mutation-based Cross-site scripting (mXSS) via an incorrect template literal regular expression.", "title": "Vulnerability description" }, { "category": "summary", "text": "dompurify: Mutation XSS in DOMPurify Due to Improper Template Literal Handling", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64" ], "known_not_affected": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-26791" }, { "category": "external", "summary": "RHBZ#2345695", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345695" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-26791", "url": "https://www.cve.org/CVERecord?id=CVE-2025-26791" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-26791", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26791" }, { "category": "external", "summary": "https://ensy.zip/posts/dompurify-323-bypass/", "url": "https://ensy.zip/posts/dompurify-323-bypass/" }, { "category": "external", "summary": 
"https://github.com/cure53/DOMPurify/commit/d18ffcb554e0001748865da03ac75dd7829f0f02", "url": "https://github.com/cure53/DOMPurify/commit/d18ffcb554e0001748865da03ac75dd7829f0f02" }, { "category": "external", "summary": "https://github.com/cure53/DOMPurify/releases/tag/3.2.4", "url": "https://github.com/cure53/DOMPurify/releases/tag/3.2.4" }, { "category": "external", "summary": "https://nsysean.github.io/posts/dompurify-323-bypass/", "url": "https://nsysean.github.io/posts/dompurify-323-bypass/" } ], "release_date": "2025-02-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-03-31T08:04:43+00:00", "details": "For Red Hat OpenShift AI 2.16.0 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update:\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_ai/", "product_ids": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:3397" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-codeflare-operator-rhel8@sha256:04f305c44413ae7dcb7017e53570ee49a509701792c5f50efadd64f47395730b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-dashboard-rhel8@sha256:13da7e12e135cdb33c89686eca84cffae8ef691fcb4f346622ebd9b47f0a69ee_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-argoexec-rhel8@sha256:ee01e89f98feb185f6cd59c564e590a13e4d8d9ea760cca8de51426eb71b83a1_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8@sha256:d7d4fa406e0fcf0507894a7676532b27f45be742467e603a86f98ea5d2615df8_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-data-science-pipelines-operator-controller-rhel8@sha256:a0f72ffefb2b74b488dd949493f5d295a39bb9c97f578bf219d0138601f65468_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kf-notebook-controller-rhel8@sha256:2ba2b2c4db8bb334c50f4dfb54059f060361186900a44c06eed00b7a3c43977e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kuberay-operator-controller-rhel8@sha256:65482864055021272a18b5b26792ab00cfa5fc9cc005d8d3a884cc82991506f3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-kueue-controller-rhel8@sha256:7b70af8847b0806d8b43c399e2b3109f016fd864f5e9d30c44e2baca5d1359dc_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-api-server-v2-rhel8@sha256:23d307a36b69e0df04f72a7d3b35e28d8417a8bbe23dba31e8e977569785c078_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-driver-rhel8@sha256:efd039012559786deb3c521a130886c265e88d635e08baace2e573a9df270134_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-launcher-rhel8@sha256:27b113d96453c2054d4c965a963d2badba6daac235eddaf23234c76e87bcb069_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-persistenceagent-v2-rhel8@sha256:5192f1dbd2a9ab92ae390c4ae506efbed0970545b6122e95b014728ac937e777_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-ml-pipelines-scheduledworkflow-v2-rhel8@sha256:4a212ec634225c14beac09be24ddf336e562f2aa9a13555fb1196f366ddae23c_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-mlmd-grpc-server-rhel8@sha256:5dcdcc2424602a69451f16d31dbfa1d43cb72c095ba561eb9076f0cd1e8182ed_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-mm-rest-proxy-rhel8@sha256:f738aab1eab25854c93e1d8d4d98100a8ae7bb45a6b83f0326774e4220b1183b_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-controller-rhel8@sha256:6cf74044ae8d5308a2dfe03fa5d81086c89302db7f4cdbe2f4174a1c48b77869_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-operator-rhel8@sha256:22557a6fa52d2f311750a9ba253860f423ba697d26efa02ef8524a8258d2a909_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-model-registry-rhel8@sha256:de5f91180ead7d73a1825fe8b032fde9b8b01392569c9789f5ce1b4b9c08a98f_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-rhel8@sha256:c499a2c4a7860a1853adf3ebfbf154f3c03c478034a78566b82711373210af39_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-runtime-adapter-rhel8@sha256:4a7599f8a866eb169c9a62885906adbf6df0417c0be15857df1eef20cd9b1be2_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-modelmesh-serving-controller-rhel8@sha256:11a301728573adf2b64ea72d0cb2d83ea5d4dbebea759f346e99f18c3d368c6e_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-notebook-controller-rhel8@sha256:4c5ff3496b2a2a739939d94ee9dafc02b682100785d228dc2fde480fb597b7a5_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-operator-bundle@sha256:c249b0fb2c573efc118557d9dd1551181d7b2dabcf8a9b86d9441059124d3802_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-rhel8-operator@sha256:3463aaa8f2a06e8b43cd6a39ff86aea7c76926d72ee0f53cf0e514399e4aed33_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-training-operator-rhel8@sha256:c8456d98e90b6505957ab3686e9fd2f156e29f123c5558e581c206daf1e7d93a_amd64", "Red Hat OpenShift AI 
2.16:registry.redhat.io/rhoai/odh-trustyai-service-operator-rhel8@sha256:f37e4048f3a152798286793f3abfc6ed814453fcbe2667255a7e78eee483c5a3_amd64", "Red Hat OpenShift AI 2.16:registry.redhat.io/rhoai/odh-trustyai-service-rhel8@sha256:633984b538f027c93c5886ea1045dcbe81eeda74acf80001d5fc5f765bdbe0be_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "dompurify: Mutation XSS in DOMPurify Due to Improper Template Literal Handling" } ] }
rhsa-2025:1351
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)\n\n* nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)\n\n* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2025:1351", "url": "https://access.redhat.com/errata/RHSA-2025:1351" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2339176", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176" }, { "category": "external", "summary": "2339392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392" }, { "category": "external", "summary": "2342618", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1351.json" } ], "title": "Red Hat Security Advisory: nodejs:20 security update", "tracking": { "current_release_date": "2025-10-03T21:08:13+00:00", "generator": { "date": "2025-10-03T21:08:13+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.9" } }, "id": "RHSA-2025:1351", "initial_release_date": "2025-02-12T15:32:22+00:00", "revision_history": [ { "date": "2025-02-12T15:32:22+00:00", "number": "1", "summary": "Initial version" }, { "date": "2025-02-12T15:32:22+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-10-03T21:08:13+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise 
Linux AppStream (v. 8)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20", "product": { "name": "nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.src.rpm (nodejs:20)", "product_id": "nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=src\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6" } } }, { "category": "product_version", "name": "nodejs-nodemon-3.0.1-1.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20", "product": { "name": "nodejs-nodemon-3.0.1-1.module+el8.10.0+22767+a3309b10.src.rpm (nodejs:20)", "product_id": "nodejs-nodemon-3.0.1-1.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=src\u0026rpmmod=nodejs:20:8100020250203134842:489197e6" } } }, { "category": "product_version", "name": "nodejs-packaging-2021.06-4.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20", "product": { "name": "nodejs-packaging-2021.06-4.module+el8.10.0+22767+a3309b10.src.rpm (nodejs:20)", "product_id": "nodejs-packaging-2021.06-4.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=src\u0026rpmmod=nodejs:20:8100020250203134842:489197e6" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "nodejs-docs-20.18.2-1.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "product": { "name": 
"nodejs-docs-20.18.2-1.module+el8.10.0+22767+a3309b10.noarch.rpm (nodejs:20)", "product_id": "nodejs-docs-20.18.2-1.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-docs@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6" } } }, { "category": "product_version", "name": "nodejs-nodemon-3.0.1-1.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "product": { "name": "nodejs-nodemon-3.0.1-1.module+el8.10.0+22767+a3309b10.noarch.rpm (nodejs:20)", "product_id": "nodejs-nodemon-3.0.1-1.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=noarch\u0026rpmmod=nodejs:20:8100020250203134842:489197e6" } } }, { "category": "product_version", "name": "nodejs-packaging-2021.06-4.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "product": { "name": "nodejs-packaging-2021.06-4.module+el8.10.0+22767+a3309b10.noarch.rpm (nodejs:20)", "product_id": "nodejs-packaging-2021.06-4.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=noarch\u0026rpmmod=nodejs:20:8100020250203134842:489197e6" } } }, { "category": "product_version", "name": "nodejs-packaging-bundler-2021.06-4.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "product": { "name": "nodejs-packaging-bundler-2021.06-4.module+el8.10.0+22767+a3309b10.noarch.rpm (nodejs:20)", "product_id": "nodejs-packaging-bundler-2021.06-4.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=noarch\u0026rpmmod=nodejs:20:8100020250203134842:489197e6" } } } ], "category": "architecture", "name": "noarch" }, { 
"branches": [ { "category": "product_version", "name": "nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "product": { "name": "nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm (nodejs:20)", "product_id": "nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6" } } }, { "category": "product_version", "name": "nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "product": { "name": "nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm (nodejs:20)", "product_id": "nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6" } } }, { "category": "product_version", "name": "nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "product": { "name": "nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm (nodejs:20)", "product_id": "nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6" } } }, { "category": "product_version", "name": "nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "product": { "name": "nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm (nodejs:20)", "product_id": "nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6" } } }, { "category": "product_version", "name": "nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "product": { "name": "nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm (nodejs:20)", "product_id": "nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6" } } }, { "category": "product_version", "name": "npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "product": { "name": "npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64.rpm (nodejs:20)", "product_id": "npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "product": { "name": "nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm (nodejs:20)", "product_id": "nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6" } } }, { "category": "product_version", "name": "nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "product": { "name": "nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm 
(nodejs:20)", "product_id": "nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6" } } }, { "category": "product_version", "name": "nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "product": { "name": "nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm (nodejs:20)", "product_id": "nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6" } } }, { "category": "product_version", "name": "nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "product": { "name": "nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm (nodejs:20)", "product_id": "nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6" } } }, { "category": "product_version", "name": "nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "product": { "name": "nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm (nodejs:20)", "product_id": "nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6" } } }, { "category": "product_version", "name": 
"npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "product": { "name": "npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le.rpm (nodejs:20)", "product_id": "npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "product": { "name": "nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm (nodejs:20)", "product_id": "nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6" } } }, { "category": "product_version", "name": "nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "product": { "name": "nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm (nodejs:20)", "product_id": "nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6" } } }, { "category": "product_version", "name": "nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "product": { "name": "nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm (nodejs:20)", "product_id": "nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6" } } }, { "category": "product_version", "name": "nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "product": { "name": "nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm (nodejs:20)", "product_id": "nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6" } } }, { "category": "product_version", "name": "nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "product": { "name": "nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm (nodejs:20)", "product_id": "nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6" } } }, { "category": "product_version", "name": "npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "product": { "name": "npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x.rpm (nodejs:20)", "product_id": "npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "product": { "name": "nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm (nodejs:20)", 
"product_id": "nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6" } } }, { "category": "product_version", "name": "nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "product": { "name": "nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm (nodejs:20)", "product_id": "nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6" } } }, { "category": "product_version", "name": "nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "product": { "name": "nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm (nodejs:20)", "product_id": "nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6" } } }, { "category": "product_version", "name": "nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "product": { "name": "nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm (nodejs:20)", "product_id": "nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6" } } }, { "category": "product_version", "name": "nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", 
"product": { "name": "nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm (nodejs:20)", "product_id": "nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@20.18.2-1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6" } } }, { "category": "product_version", "name": "npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "product": { "name": "npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64.rpm (nodejs:20)", "product_id": "npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@10.8.2-1.20.18.2.1.module%2Bel8.10.0%2B22767%2Ba3309b10?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:20:8100020250203134842:489197e6" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20" }, "product_reference": "nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20" }, "product_reference": "nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20" }, "product_reference": "nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.src.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20" }, "product_reference": "nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20" }, "product_reference": "nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20" }, "product_reference": "nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20" }, "product_reference": "nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20" }, "product_reference": "nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20" }, "product_reference": "nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20" }, "product_reference": "nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20" }, "product_reference": "nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20" }, "product_reference": "nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20" }, "product_reference": "nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20" }, "product_reference": "nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20" }, "product_reference": "nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20" }, "product_reference": "nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20" }, "product_reference": "nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-docs-20.18.2-1.module+el8.10.0+22767+a3309b10.noarch.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-20.18.2-1.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20" }, "product_reference": "nodejs-docs-20.18.2-1.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20" }, "product_reference": "nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20" }, "product_reference": "nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20" }, "product_reference": "nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20" }, "product_reference": "nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-3.0.1-1.module+el8.10.0+22767+a3309b10.noarch.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20" }, "product_reference": "nodejs-nodemon-3.0.1-1.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-3.0.1-1.module+el8.10.0+22767+a3309b10.src.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20" }, "product_reference": "nodejs-nodemon-3.0.1-1.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-2021.06-4.module+el8.10.0+22767+a3309b10.noarch.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20" }, "product_reference": "nodejs-packaging-2021.06-4.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-2021.06-4.module+el8.10.0+22767+a3309b10.src.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20" }, "product_reference": "nodejs-packaging-2021.06-4.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-bundler-2021.06-4.module+el8.10.0+22767+a3309b10.noarch.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-2021.06-4.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20" }, "product_reference": "nodejs-packaging-bundler-2021.06-4.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20" }, "product_reference": "npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20" }, "product_reference": "npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20" }, "product_reference": "npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64.rpm (nodejs:20) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20" }, "product_reference": "npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-22150", "cwe": { "id": "CWE-330", "name": "Use of Insufficiently Random Values" }, "discovery_date": "2025-01-21T18:01:24.182126+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2339176" } ], "notes": [ { "category": "description", "text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. 
Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "title": "Vulnerability description" }, { "category": "summary", "text": "undici: Undici Uses Insufficiently Random Values", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-20.18.2-1.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-2021.06-4.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20" ] }, "references": [ { "category": "self", "summary": 
"Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-22150" }, { "category": "external", "summary": "RHBZ#2339176", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22150" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150" }, { "category": "external", "summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f", "url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f" }, { "category": "external", "summary": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113", "url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113" }, { "category": "external", "summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0", "url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0" }, { "category": "external", "summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a", "url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a" }, { "category": "external", "summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385", "url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385" }, { "category": "external", "summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975", "url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975" }, { "category": "external", "summary": "https://hackerone.com/reports/2913312", "url": "https://hackerone.com/reports/2913312" } ], "release_date": "2025-01-21T17:46:58.872000+00:00", 
"remediations": [ { "category": "vendor_fix", "date": "2025-02-12T15:32:22+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-20.18.2-1.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-2021.06-4.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:1351" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", 
"userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-20.18.2-1.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-2021.06-4.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undici: Undici Uses Insufficiently Random Values" }, { "cve": "CVE-2025-23083", "cwe": { "id": "CWE-863", "name": "Incorrect Authorization" }, "discovery_date": "2025-01-22T02:00:43.830080+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2339392" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Node.js diagnostics_channel. 
This vulnerability allows an attacker to reinstate and misuse worker constructors, potentially bypassing the Permission Model via hooking into events when a worker thread is created.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability is rated as an Important severity because the diagnostics_channel utility, allowing attackers to hook into events triggered when a worker thread is created. This not only exposes user-defined workers but also internal workers, enabling the attacker to retrieve instances and potentially capture and reinstate their constructors for malicious purposes.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-20.18.2-1.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-2021.06-4.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-23083" }, { "category": "external", "summary": "RHBZ#2339392", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339392" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-23083", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23083" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23083" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases", "url": "https://nodejs.org/en/blog/vulnerability/january-2025-security-releases" } ], "release_date": "2025-01-22T01:11:30.802000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-02-12T15:32:22+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-20.18.2-1.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-2021.06-4.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:1351" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-20.18.2-1.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-2021.06-4.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "nodejs: Node.js Worker Thread Exposure via Diagnostics Channel" }, { "cve": "CVE-2025-23085", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2025-01-28T17:23:01.915000+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2342618" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. 
This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-20.18.2-1.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-2021.06-4.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", 
"AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-23085" }, { "category": "external", "summary": "RHBZ#2342618", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-23085", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23085" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085" } ], "release_date": "2025-01-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-02-12T15:32:22+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-20.18.2-1.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-2021.06-4.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:1351" }, { "category": "workaround", "details": "There\u0027s no available mitigation for this issue other than updating to the package version which contains the fix.", "product_ids": [ "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-20.18.2-1.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-2021.06-4.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", 
"AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-20.18.2-1.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-20.18.2-1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.10.0+22767+a3309b10.src.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-2021.06-4.module+el8.10.0+22767+a3309b10.noarch.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.aarch64.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.ppc64le.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.s390x.rpm-nodejs:20", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.20.18.2.1.module+el8.10.0+22767+a3309b10.x86_64.rpm-nodejs:20" ] } ], "threats": [ { "category": "impact", "details": 
"Moderate" } ], "title": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap" } ] }
rhsa-2025:1582
Vulnerability from csaf_redhat
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)\n\n* nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2025:1582", "url": "https://access.redhat.com/errata/RHSA-2025:1582" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "2339176", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176" }, { "category": "external", "summary": "2342618", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_1582.json" } ], "title": "Red Hat Security Advisory: nodejs:18 security update", "tracking": { "current_release_date": "2025-10-03T21:08:15+00:00", "generator": { "date": "2025-10-03T21:08:15+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.9" } }, "id": "RHSA-2025:1582", "initial_release_date": "2025-02-17T12:52:35+00:00", "revision_history": [ { "date": "2025-02-17T12:52:35+00:00", "number": "1", "summary": "Initial version" }, { "date": "2025-02-17T12:52:35+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-10-03T21:08:15+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AppStream (v. 8)", "product": { "name": "Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS", "product_identification_helper": { "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux" }, { "branches": [ { "category": "product_version", "name": "nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.src.rpm-nodejs:18", "product": { "name": "nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.src.rpm (nodejs:18)", "product_id": "nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.src.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=src\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6" } } }, { "category": "product_version", "name": "nodejs-nodemon-3.0.1-1.module+el8.10.0+21159+f5a7145d.src.rpm-nodejs:18", "product": { "name": "nodejs-nodemon-3.0.1-1.module+el8.10.0+21159+f5a7145d.src.rpm (nodejs:18)", "product_id": "nodejs-nodemon-3.0.1-1.module+el8.10.0+21159+f5a7145d.src.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.10.0%2B21159%2Bf5a7145d?arch=src\u0026rpmmod=nodejs:18:8100020250207121904:489197e6" } } }, { "category": "product_version", "name": "nodejs-packaging-2021.06-4.module+el8.9.0+19439+7b18b275.src.rpm-nodejs:18", "product": { "name": "nodejs-packaging-2021.06-4.module+el8.9.0+19439+7b18b275.src.rpm (nodejs:18)", "product_id": "nodejs-packaging-2021.06-4.module+el8.9.0+19439+7b18b275.src.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.9.0%2B19439%2B7b18b275?arch=src\u0026rpmmod=nodejs:18:8100020250207121904:489197e6" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "nodejs-docs-18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch.rpm-nodejs:18", "product": { "name": "nodejs-docs-18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch.rpm (nodejs:18)", "product_id": 
"nodejs-docs-18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-docs@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=noarch\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6" } } }, { "category": "product_version", "name": "nodejs-nodemon-3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch.rpm-nodejs:18", "product": { "name": "nodejs-nodemon-3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch.rpm (nodejs:18)", "product_id": "nodejs-nodemon-3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-nodemon@3.0.1-1.module%2Bel8.10.0%2B21159%2Bf5a7145d?arch=noarch\u0026rpmmod=nodejs:18:8100020250207121904:489197e6" } } }, { "category": "product_version", "name": "nodejs-packaging-2021.06-4.module+el8.9.0+19439+7b18b275.noarch.rpm-nodejs:18", "product": { "name": "nodejs-packaging-2021.06-4.module+el8.9.0+19439+7b18b275.noarch.rpm (nodejs:18)", "product_id": "nodejs-packaging-2021.06-4.module+el8.9.0+19439+7b18b275.noarch.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging@2021.06-4.module%2Bel8.9.0%2B19439%2B7b18b275?arch=noarch\u0026rpmmod=nodejs:18:8100020250207121904:489197e6" } } }, { "category": "product_version", "name": "nodejs-packaging-bundler-2021.06-4.module+el8.9.0+19439+7b18b275.noarch.rpm-nodejs:18", "product": { "name": "nodejs-packaging-bundler-2021.06-4.module+el8.9.0+19439+7b18b275.noarch.rpm (nodejs:18)", "product_id": "nodejs-packaging-bundler-2021.06-4.module+el8.9.0+19439+7b18b275.noarch.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-packaging-bundler@2021.06-4.module%2Bel8.9.0%2B19439%2B7b18b275?arch=noarch\u0026rpmmod=nodejs:18:8100020250207121904:489197e6" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": 
"nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "product": { "name": "nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm (nodejs:18)", "product_id": "nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6" } } }, { "category": "product_version", "name": "nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "product": { "name": "nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm (nodejs:18)", "product_id": "nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6" } } }, { "category": "product_version", "name": "nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "product": { "name": "nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm (nodejs:18)", "product_id": "nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6" } } }, { "category": "product_version", "name": "nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "product": { "name": "nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm (nodejs:18)", "product_id": "nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/nodejs-devel@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6" } } }, { "category": "product_version", "name": "nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "product": { "name": "nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm (nodejs:18)", "product_id": "nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6" } } }, { "category": "product_version", "name": "npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "product": { "name": "npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64.rpm (nodejs:18)", "product_id": "npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@10.8.2-1.18.20.6.1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=aarch64\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "product": { "name": "nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm (nodejs:18)", "product_id": "nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6" } } }, { "category": "product_version", "name": "nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "product": { "name": "nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm 
(nodejs:18)", "product_id": "nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6" } } }, { "category": "product_version", "name": "nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "product": { "name": "nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm (nodejs:18)", "product_id": "nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6" } } }, { "category": "product_version", "name": "nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "product": { "name": "nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm (nodejs:18)", "product_id": "nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6" } } }, { "category": "product_version", "name": "nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "product": { "name": "nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm (nodejs:18)", "product_id": "nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6" } } }, { "category": "product_version", "name": 
"npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "product": { "name": "npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm (nodejs:18)", "product_id": "npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@10.8.2-1.18.20.6.1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=ppc64le\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "product": { "name": "nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm (nodejs:18)", "product_id": "nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6" } } }, { "category": "product_version", "name": "nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "product": { "name": "nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm (nodejs:18)", "product_id": "nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6" } } }, { "category": "product_version", "name": "nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "product": { "name": "nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm (nodejs:18)", "product_id": "nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "product_identification_helper": { "purl": 
"pkg:rpm/redhat/nodejs-debugsource@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6" } } }, { "category": "product_version", "name": "nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "product": { "name": "nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm (nodejs:18)", "product_id": "nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6" } } }, { "category": "product_version", "name": "nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "product": { "name": "nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm (nodejs:18)", "product_id": "nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6" } } }, { "category": "product_version", "name": "npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "product": { "name": "npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x.rpm (nodejs:18)", "product_id": "npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@10.8.2-1.18.20.6.1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=s390x\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "product": { "name": "nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm (nodejs:18)", 
"product_id": "nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6" } } }, { "category": "product_version", "name": "nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "product": { "name": "nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm (nodejs:18)", "product_id": "nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debuginfo@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6" } } }, { "category": "product_version", "name": "nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "product": { "name": "nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm (nodejs:18)", "product_id": "nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-debugsource@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6" } } }, { "category": "product_version", "name": "nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "product": { "name": "nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm (nodejs:18)", "product_id": "nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-devel@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6" } } }, { "category": "product_version", "name": "nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", 
"product": { "name": "nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm (nodejs:18)", "product_id": "nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/nodejs-full-i18n@18.20.6-1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6" } } }, { "category": "product_version", "name": "npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "product": { "name": "npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64.rpm (nodejs:18)", "product_id": "npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@10.8.2-1.18.20.6.1.module%2Bel8.10.0%2B22776%2B24cd6c55?arch=x86_64\u0026epoch=1\u0026rpmmod=nodejs:18:8100020250207121904:489197e6" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18" }, "product_reference": "nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18" }, "product_reference": "nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18" }, "product_reference": "nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.src.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.src.rpm-nodejs:18" }, "product_reference": "nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.src.rpm-nodejs:18", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18" }, "product_reference": "nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18" }, "product_reference": "nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18" }, "product_reference": "nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18" }, "product_reference": "nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18" }, "product_reference": "nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18" }, "product_reference": "nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18" }, "product_reference": "nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18" }, "product_reference": "nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18" }, "product_reference": "nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18" }, "product_reference": "nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18" }, "product_reference": "nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18" }, "product_reference": "nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18" }, "product_reference": "nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-docs-18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch.rpm-nodejs:18" }, "product_reference": "nodejs-docs-18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch.rpm-nodejs:18", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18" }, "product_reference": "nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18" }, "product_reference": "nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18" }, "product_reference": "nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18" }, "product_reference": "nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch.rpm-nodejs:18" }, "product_reference": "nodejs-nodemon-3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch.rpm-nodejs:18", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-nodemon-3.0.1-1.module+el8.10.0+21159+f5a7145d.src.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+21159+f5a7145d.src.rpm-nodejs:18" }, "product_reference": "nodejs-nodemon-3.0.1-1.module+el8.10.0+21159+f5a7145d.src.rpm-nodejs:18", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-2021.06-4.module+el8.9.0+19439+7b18b275.noarch.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.9.0+19439+7b18b275.noarch.rpm-nodejs:18" }, "product_reference": "nodejs-packaging-2021.06-4.module+el8.9.0+19439+7b18b275.noarch.rpm-nodejs:18", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-2021.06-4.module+el8.9.0+19439+7b18b275.src.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.9.0+19439+7b18b275.src.rpm-nodejs:18" }, "product_reference": "nodejs-packaging-2021.06-4.module+el8.9.0+19439+7b18b275.src.rpm-nodejs:18", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs-packaging-bundler-2021.06-4.module+el8.9.0+19439+7b18b275.noarch.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-2021.06-4.module+el8.9.0+19439+7b18b275.noarch.rpm-nodejs:18" }, "product_reference": "nodejs-packaging-bundler-2021.06-4.module+el8.9.0+19439+7b18b275.noarch.rpm-nodejs:18", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18" }, "product_reference": "npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 
8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18" }, "product_reference": "npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18" }, "product_reference": "npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" }, { "category": "default_component_of", "full_product_name": { "name": "npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64.rpm (nodejs:18) as a component of Red Hat Enterprise Linux AppStream (v. 8)", "product_id": "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18" }, "product_reference": "npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-22150", "cwe": { "id": "CWE-330", "name": "Use of Insufficiently Random Values" }, "discovery_date": "2025-01-21T18:01:24.182126+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2339176" } ], "notes": [ { "category": "description", "text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. 
Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "title": "Vulnerability description" }, { "category": "summary", "text": "undici: Undici Uses Insufficiently Random Values", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.10.0.Z.MAIN.EUS:nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.src.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+21159+f5a7145d.src.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.9.0+19439+7b18b275.noarch.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.9.0+19439+7b18b275.src.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-2021.06-4.module+el8.9.0+19439+7b18b275.noarch.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18" ] }, "references": [ { "category": "self", "summary": 
"Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-22150" }, { "category": "external", "summary": "RHBZ#2339176", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22150" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150" }, { "category": "external", "summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f", "url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f" }, { "category": "external", "summary": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113", "url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113" }, { "category": "external", "summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0", "url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0" }, { "category": "external", "summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a", "url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a" }, { "category": "external", "summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385", "url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385" }, { "category": "external", "summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975", "url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975" }, { "category": "external", "summary": "https://hackerone.com/reports/2913312", "url": "https://hackerone.com/reports/2913312" } ], "release_date": "2025-01-21T17:46:58.872000+00:00", 
"remediations": [ { "category": "vendor_fix", "date": "2025-02-17T12:52:35+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.10.0.Z.MAIN.EUS:nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.src.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+21159+f5a7145d.src.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.9.0+19439+7b18b275.noarch.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.9.0+19439+7b18b275.src.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-2021.06-4.module+el8.9.0+19439+7b18b275.noarch.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:1582" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", 
"userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "AppStream-8.10.0.Z.MAIN.EUS:nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.src.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+21159+f5a7145d.src.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.9.0+19439+7b18b275.noarch.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.9.0+19439+7b18b275.src.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-2021.06-4.module+el8.9.0+19439+7b18b275.noarch.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undici: Undici Uses Insufficiently Random Values" }, { "cve": "CVE-2025-23085", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2025-01-28T17:23:01.915000+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2342618" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in NodeJS when handling HTTP/2 connections, where the 
remote peer abruptly closes the socket without sending the proper HTTP/2 notification to the server, leading to a memory leak. This flaw allows an attacker to force the targeted process in the targeted host to an uncontrollable resource consumption state, starving the process and possibly other processes running at the same host to memory starvation, leading to a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AppStream-8.10.0.Z.MAIN.EUS:nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.src.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+21159+f5a7145d.src.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.9.0+19439+7b18b275.noarch.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.9.0+19439+7b18b275.src.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-2021.06-4.module+el8.9.0+19439+7b18b275.noarch.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", 
"AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-23085" }, { "category": "external", "summary": "RHBZ#2342618", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342618" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-23085", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23085" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23085" } ], "release_date": "2025-01-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-02-17T12:52:35+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "AppStream-8.10.0.Z.MAIN.EUS:nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.src.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+21159+f5a7145d.src.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.9.0+19439+7b18b275.noarch.rpm-nodejs:18", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.9.0+19439+7b18b275.src.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-2021.06-4.module+el8.9.0+19439+7b18b275.noarch.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:1582" }, { "category": "workaround", "details": "There\u0027s no available mitigation for this issue other than updating to the package version which contains the fix.", "product_ids": [ "AppStream-8.10.0.Z.MAIN.EUS:nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.src.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+21159+f5a7145d.src.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.9.0+19439+7b18b275.noarch.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.9.0+19439+7b18b275.src.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-2021.06-4.module+el8.9.0+19439+7b18b275.noarch.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", 
"AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "AppStream-8.10.0.Z.MAIN.EUS:nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.src.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debuginfo-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", 
"AppStream-8.10.0.Z.MAIN.EUS:nodejs-debugsource-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-devel-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-docs-18.20.6-1.module+el8.10.0+22776+24cd6c55.noarch.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-full-i18n-18.20.6-1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+21159+f5a7145d.noarch.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-nodemon-3.0.1-1.module+el8.10.0+21159+f5a7145d.src.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.9.0+19439+7b18b275.noarch.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-2021.06-4.module+el8.9.0+19439+7b18b275.src.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:nodejs-packaging-bundler-2021.06-4.module+el8.9.0+19439+7b18b275.noarch.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.aarch64.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.ppc64le.rpm-nodejs:18", "AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.s390x.rpm-nodejs:18", 
"AppStream-8.10.0.Z.MAIN.EUS:npm-10.8.2-1.18.20.6.1.module+el8.10.0+22776+24cd6c55.x86_64.rpm-nodejs:18" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap" } ] }
rhsa-2025:17145
Vulnerability from csaf_redhat
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat OpenShift Data Foundation 4.17 security, enhancement \u0026 bug fix update", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Data Foundation 4.17 security, enhancement \u0026 bug fix update.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2025:17145", "url": "https://access.redhat.com/errata/RHSA-2025:17145" }, { "category": "external", "summary": "https://access.redhat.com/security/cve/CVE-2025-22150", "url": "https://access.redhat.com/security/cve/CVE-2025-22150" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/", "url": "https://access.redhat.com/security/updates/classification/" }, { "category": "external", "summary": "https://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/", "url": 
"https://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_17145.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.17 security, enhancement \u0026 bug fix update", "tracking": { "current_release_date": "2025-10-03T22:10:51+00:00", "generator": { "date": "2025-10-03T22:10:51+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.9" } }, "id": "RHSA-2025:17145", "initial_release_date": "2025-10-01T12:01:32+00:00", "revision_history": [ { "date": "2025-10-01T12:01:32+00:00", "number": "1", "summary": "Initial version" }, { "date": "2025-10-01T12:01:37+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2025-10-03T22:10:51+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Openshift Data Foundation 4.17", "product": { "name": "Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_data_foundation:4.17::el9" } } } ], "category": "product_family", "name": "Red Hat Openshift Data Foundation" }, { "branches": [ { "category": "product_version", "name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:c7838c0b696349f697f2c7a165667e09799ef620a7e712ab715c3af23a40bb1c_amd64", "product": { "name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:c7838c0b696349f697f2c7a165667e09799ef620a7e712ab715c3af23a40bb1c_amd64", "product_id": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:c7838c0b696349f697f2c7a165667e09799ef620a7e712ab715c3af23a40bb1c_amd64", "product_identification_helper": { "purl": 
"pkg:oci/cephcsi-rhel9@sha256%3Ac7838c0b696349f697f2c7a165667e09799ef620a7e712ab715c3af23a40bb1c?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605117" } } }, { "category": "product_version", "name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:9d814cd9d871c4d4388ff9a770ccf65c1e2c0b84a9834f41ed30c17088d6026c_amd64", "product": { "name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:9d814cd9d871c4d4388ff9a770ccf65c1e2c0b84a9834f41ed30c17088d6026c_amd64", "product_id": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:9d814cd9d871c4d4388ff9a770ccf65c1e2c0b84a9834f41ed30c17088d6026c_amd64", "product_identification_helper": { "purl": "pkg:oci/cephcsi-rhel9-operator@sha256%3A9d814cd9d871c4d4388ff9a770ccf65c1e2c0b84a9834f41ed30c17088d6026c?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757611956" } } }, { "category": "product_version", "name": "registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:218873830ae5140be10349b08bca288a66cd837d83c1c4eb7026cf2f81dea62a_amd64", "product": { "name": "registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:218873830ae5140be10349b08bca288a66cd837d83c1c4eb7026cf2f81dea62a_amd64", "product_id": "registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:218873830ae5140be10349b08bca288a66cd837d83c1c4eb7026cf2f81dea62a_amd64", "product_identification_helper": { "purl": "pkg:oci/cephcsi-operator-bundle@sha256%3A218873830ae5140be10349b08bca288a66cd837d83c1c4eb7026cf2f81dea62a?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757612488" } } }, { "category": "product_version", "name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:145342094b8a2473ffc05f2f12db525712af6e6fcce7761a98c0e2ba5c79233f_amd64", "product": { "name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:145342094b8a2473ffc05f2f12db525712af6e6fcce7761a98c0e2ba5c79233f_amd64", "product_id": 
"registry.redhat.io/odf4/mcg-core-rhel9@sha256:145342094b8a2473ffc05f2f12db525712af6e6fcce7761a98c0e2ba5c79233f_amd64", "product_identification_helper": { "purl": "pkg:oci/mcg-core-rhel9@sha256%3A145342094b8a2473ffc05f2f12db525712af6e6fcce7761a98c0e2ba5c79233f?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605062" } } }, { "category": "product_version", "name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:b993ba30c006766d1327e047d5744704421eb533dda807ca467091270088f0dc_amd64", "product": { "name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:b993ba30c006766d1327e047d5744704421eb533dda807ca467091270088f0dc_amd64", "product_id": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:b993ba30c006766d1327e047d5744704421eb533dda807ca467091270088f0dc_amd64", "product_identification_helper": { "purl": "pkg:oci/mcg-rhel9-operator@sha256%3Ab993ba30c006766d1327e047d5744704421eb533dda807ca467091270088f0dc?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605118" } } }, { "category": "product_version", "name": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:ed9e6e1a9d9d1956e40374800afe592bb3f6e61a7edd16dea844624e869c2ba0_amd64", "product": { "name": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:ed9e6e1a9d9d1956e40374800afe592bb3f6e61a7edd16dea844624e869c2ba0_amd64", "product_id": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:ed9e6e1a9d9d1956e40374800afe592bb3f6e61a7edd16dea844624e869c2ba0_amd64", "product_identification_helper": { "purl": "pkg:oci/mcg-operator-bundle@sha256%3Aed9e6e1a9d9d1956e40374800afe592bb3f6e61a7edd16dea844624e869c2ba0?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757612498" } } }, { "category": "product_version", "name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:c5eee39bf3802d1dcf532ddd9e3593b2ca1d9e806d5967b824f352616a72ebcf_amd64", "product": { "name": 
"registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:c5eee39bf3802d1dcf532ddd9e3593b2ca1d9e806d5967b824f352616a72ebcf_amd64", "product_id": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:c5eee39bf3802d1dcf532ddd9e3593b2ca1d9e806d5967b824f352616a72ebcf_amd64", "product_identification_helper": { "purl": "pkg:oci/ocs-client-console-rhel9@sha256%3Ac5eee39bf3802d1dcf532ddd9e3593b2ca1d9e806d5967b824f352616a72ebcf?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605189" } } }, { "category": "product_version", "name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3da88817c32a6a141182164a6722bddbab9ef9e5d8521f0e714ea526a603b92e_amd64", "product": { "name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3da88817c32a6a141182164a6722bddbab9ef9e5d8521f0e714ea526a603b92e_amd64", "product_id": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3da88817c32a6a141182164a6722bddbab9ef9e5d8521f0e714ea526a603b92e_amd64", "product_identification_helper": { "purl": "pkg:oci/ocs-client-rhel9-operator@sha256%3A3da88817c32a6a141182164a6722bddbab9ef9e5d8521f0e714ea526a603b92e?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605101" } } }, { "category": "product_version", "name": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:7ee82c9cc77e4300268381d7d8a00c343dd26ef1db3dca20683af4054d8d7663_amd64", "product": { "name": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:7ee82c9cc77e4300268381d7d8a00c343dd26ef1db3dca20683af4054d8d7663_amd64", "product_id": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:7ee82c9cc77e4300268381d7d8a00c343dd26ef1db3dca20683af4054d8d7663_amd64", "product_identification_helper": { "purl": "pkg:oci/ocs-client-operator-bundle@sha256%3A7ee82c9cc77e4300268381d7d8a00c343dd26ef1db3dca20683af4054d8d7663?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757612498" } } }, { "category": "product_version", "name": 
"registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:f8c160c6dbf37d223a567a4407abe2678dfd765968a1b5d56f9905682948a4f9_amd64", "product": { "name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:f8c160c6dbf37d223a567a4407abe2678dfd765968a1b5d56f9905682948a4f9_amd64", "product_id": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:f8c160c6dbf37d223a567a4407abe2678dfd765968a1b5d56f9905682948a4f9_amd64", "product_identification_helper": { "purl": "pkg:oci/ocs-metrics-exporter-rhel9@sha256%3Af8c160c6dbf37d223a567a4407abe2678dfd765968a1b5d56f9905682948a4f9?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605197" } } }, { "category": "product_version", "name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:4bed8c3b330b54f88f72815fd0034e1907ded310e3d67d90942a378df6fe7545_amd64", "product": { "name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:4bed8c3b330b54f88f72815fd0034e1907ded310e3d67d90942a378df6fe7545_amd64", "product_id": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:4bed8c3b330b54f88f72815fd0034e1907ded310e3d67d90942a378df6fe7545_amd64", "product_identification_helper": { "purl": "pkg:oci/ocs-rhel9-operator@sha256%3A4bed8c3b330b54f88f72815fd0034e1907ded310e3d67d90942a378df6fe7545?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605179" } } }, { "category": "product_version", "name": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:dd16c429b2f98f03cf4287beafe1525a72286f17cb0818fb084e46d24f128976_amd64", "product": { "name": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:dd16c429b2f98f03cf4287beafe1525a72286f17cb0818fb084e46d24f128976_amd64", "product_id": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:dd16c429b2f98f03cf4287beafe1525a72286f17cb0818fb084e46d24f128976_amd64", "product_identification_helper": { "purl": 
"pkg:oci/ocs-operator-bundle@sha256%3Add16c429b2f98f03cf4287beafe1525a72286f17cb0818fb084e46d24f128976?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757612524" } } }, { "category": "product_version", "name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:9cb6a0474e2a6928e00d5087f6117f35d8f9f6c3f8b47b8884ffc3a454d542fb_amd64", "product": { "name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:9cb6a0474e2a6928e00d5087f6117f35d8f9f6c3f8b47b8884ffc3a454d542fb_amd64", "product_id": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:9cb6a0474e2a6928e00d5087f6117f35d8f9f6c3f8b47b8884ffc3a454d542fb_amd64", "product_identification_helper": { "purl": "pkg:oci/odf-cli-rhel9@sha256%3A9cb6a0474e2a6928e00d5087f6117f35d8f9f6c3f8b47b8884ffc3a454d542fb?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605196" } } }, { "category": "product_version", "name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:4596bafe33260957505da3ef7ecdf8913d0ddcde8051d37a752070a2833dddfa_amd64", "product": { "name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:4596bafe33260957505da3ef7ecdf8913d0ddcde8051d37a752070a2833dddfa_amd64", "product_id": "registry.redhat.io/odf4/odf-console-rhel9@sha256:4596bafe33260957505da3ef7ecdf8913d0ddcde8051d37a752070a2833dddfa_amd64", "product_identification_helper": { "purl": "pkg:oci/odf-console-rhel9@sha256%3A4596bafe33260957505da3ef7ecdf8913d0ddcde8051d37a752070a2833dddfa?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605262" } } }, { "category": "product_version", "name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:a9ceb99a6aa92164e43fddf5cdae8f6e4af9ad0fab22da80cecb1d779fd4e661_amd64", "product": { "name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:a9ceb99a6aa92164e43fddf5cdae8f6e4af9ad0fab22da80cecb1d779fd4e661_amd64", "product_id": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:a9ceb99a6aa92164e43fddf5cdae8f6e4af9ad0fab22da80cecb1d779fd4e661_amd64", 
"product_identification_helper": { "purl": "pkg:oci/odf-cosi-sidecar-rhel9@sha256%3Aa9ceb99a6aa92164e43fddf5cdae8f6e4af9ad0fab22da80cecb1d779fd4e661?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605112" } } }, { "category": "product_version", "name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:cdbec30ff2e46e7e20cd5318226a32ec94457bc652c0a8b315eb90db91d5d89a_amd64", "product": { "name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:cdbec30ff2e46e7e20cd5318226a32ec94457bc652c0a8b315eb90db91d5d89a_amd64", "product_id": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:cdbec30ff2e46e7e20cd5318226a32ec94457bc652c0a8b315eb90db91d5d89a_amd64", "product_identification_helper": { "purl": "pkg:oci/odf-csi-addons-rhel9-operator@sha256%3Acdbec30ff2e46e7e20cd5318226a32ec94457bc652c0a8b315eb90db91d5d89a?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605249" } } }, { "category": "product_version", "name": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:636801e3669e8438c7ad105a72da20dc8749fa261ffe6d9d5b4a822e37a328cb_amd64", "product": { "name": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:636801e3669e8438c7ad105a72da20dc8749fa261ffe6d9d5b4a822e37a328cb_amd64", "product_id": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:636801e3669e8438c7ad105a72da20dc8749fa261ffe6d9d5b4a822e37a328cb_amd64", "product_identification_helper": { "purl": "pkg:oci/odf-csi-addons-operator-bundle@sha256%3A636801e3669e8438c7ad105a72da20dc8749fa261ffe6d9d5b4a822e37a328cb?arch=amd64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757612506" } } }, { "category": "product_version", "name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ec5466223d6d8ad0fadf57643ad425d88982dfd89577bed1039cace91c2574ce_amd64", "product": { "name": 
"registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:94a096f682d80a1e632749d0a901adfe5ad62a63034c9d537f1ac3702691dca1_arm64", "product": { "name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:94a096f682d80a1e632749d0a901adfe5ad62a63034c9d537f1ac3702691dca1_arm64", "product_id": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:94a096f682d80a1e632749d0a901adfe5ad62a63034c9d537f1ac3702691dca1_arm64", "product_identification_helper": { "purl": "pkg:oci/odf-csi-addons-sidecar-rhel9@sha256%3A94a096f682d80a1e632749d0a901adfe5ad62a63034c9d537f1ac3702691dca1?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605232" } } }, { "category": "product_version", "name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:334305472bc1f5b9e1746910ebcf20020bfa72890f9a620321b1ceee60bbe83c_arm64", "product": { "name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:334305472bc1f5b9e1746910ebcf20020bfa72890f9a620321b1ceee60bbe83c_arm64", "product_id": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:334305472bc1f5b9e1746910ebcf20020bfa72890f9a620321b1ceee60bbe83c_arm64", "product_identification_helper": { "purl": "pkg:oci/odf-multicluster-rhel9-operator@sha256%3A334305472bc1f5b9e1746910ebcf20020bfa72890f9a620321b1ceee60bbe83c?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605370" } } }, { "category": "product_version", "name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:7fdfc833b0eca7331357cfee5c3bb4b727a636ccafab49f36a8a02093ee01905_arm64", "product": { "name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:7fdfc833b0eca7331357cfee5c3bb4b727a636ccafab49f36a8a02093ee01905_arm64", "product_id": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:7fdfc833b0eca7331357cfee5c3bb4b727a636ccafab49f36a8a02093ee01905_arm64", "product_identification_helper": { "purl": 
"pkg:oci/odf-must-gather-rhel9@sha256%3A7fdfc833b0eca7331357cfee5c3bb4b727a636ccafab49f36a8a02093ee01905?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605434" } } }, { "category": "product_version", "name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:6e44e981f8d55c78304e04d712c770f9f69f72fae04475354e29a58d4ecb9f4b_arm64", "product": { "name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:6e44e981f8d55c78304e04d712c770f9f69f72fae04475354e29a58d4ecb9f4b_arm64", "product_id": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:6e44e981f8d55c78304e04d712c770f9f69f72fae04475354e29a58d4ecb9f4b_arm64", "product_identification_helper": { "purl": "pkg:oci/odf-rhel9-operator@sha256%3A6e44e981f8d55c78304e04d712c770f9f69f72fae04475354e29a58d4ecb9f4b?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605526" } } }, { "category": "product_version", "name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:f475aa1657682054fb7a4ed4fbd089fea1afda6b308b49ee74541678db151012_arm64", "product": { "name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:f475aa1657682054fb7a4ed4fbd089fea1afda6b308b49ee74541678db151012_arm64", "product_id": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:f475aa1657682054fb7a4ed4fbd089fea1afda6b308b49ee74541678db151012_arm64", "product_identification_helper": { "purl": "pkg:oci/odr-rhel9-operator@sha256%3Af475aa1657682054fb7a4ed4fbd089fea1afda6b308b49ee74541678db151012?arch=arm64\u0026repository_url=registry.redhat.io/odf4\u0026tag=v4.17-1757605583" } } } ], "category": "architecture", "name": "arm64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:218873830ae5140be10349b08bca288a66cd837d83c1c4eb7026cf2f81dea62a_amd64 as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 
4.17:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:218873830ae5140be10349b08bca288a66cd837d83c1c4eb7026cf2f81dea62a_amd64" }, "product_reference": "registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:218873830ae5140be10349b08bca288a66cd837d83c1c4eb7026cf2f81dea62a_amd64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:0ff71082f0e46ec806cef8dcbef750e02a8b6bce3193b987207ab242e2132178_ppc64le as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:0ff71082f0e46ec806cef8dcbef750e02a8b6bce3193b987207ab242e2132178_ppc64le" }, "product_reference": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:0ff71082f0e46ec806cef8dcbef750e02a8b6bce3193b987207ab242e2132178_ppc64le", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:16f2b6bb122078ab5f39e99a6ed046d16f570b813e25fe038d121341541e8e3b_s390x as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:16f2b6bb122078ab5f39e99a6ed046d16f570b813e25fe038d121341541e8e3b_s390x" }, "product_reference": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:16f2b6bb122078ab5f39e99a6ed046d16f570b813e25fe038d121341541e8e3b_s390x", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:8308ddca0ae68f5d26002ce7da0c8a07c5967e03f9e953f9e20015d31fe27b2c_arm64 as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 
4.17:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:8308ddca0ae68f5d26002ce7da0c8a07c5967e03f9e953f9e20015d31fe27b2c_arm64" }, "product_reference": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:8308ddca0ae68f5d26002ce7da0c8a07c5967e03f9e953f9e20015d31fe27b2c_arm64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:9d814cd9d871c4d4388ff9a770ccf65c1e2c0b84a9834f41ed30c17088d6026c_amd64 as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:9d814cd9d871c4d4388ff9a770ccf65c1e2c0b84a9834f41ed30c17088d6026c_amd64" }, "product_reference": "registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:9d814cd9d871c4d4388ff9a770ccf65c1e2c0b84a9834f41ed30c17088d6026c_amd64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:07b1728430bba1d5972366e16a146cab125dbaf02bb59ce62193630aac925f7e_s390x as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9@sha256:07b1728430bba1d5972366e16a146cab125dbaf02bb59ce62193630aac925f7e_s390x" }, "product_reference": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:07b1728430bba1d5972366e16a146cab125dbaf02bb59ce62193630aac925f7e_s390x", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:c7838c0b696349f697f2c7a165667e09799ef620a7e712ab715c3af23a40bb1c_amd64 as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 
4.17:registry.redhat.io/odf4/cephcsi-rhel9@sha256:c7838c0b696349f697f2c7a165667e09799ef620a7e712ab715c3af23a40bb1c_amd64" }, "product_reference": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:c7838c0b696349f697f2c7a165667e09799ef620a7e712ab715c3af23a40bb1c_amd64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:f608d0f360d923badd100732028f0ed8e4794d42db4406a8d9d1d0716300bd5e_ppc64le as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9@sha256:f608d0f360d923badd100732028f0ed8e4794d42db4406a8d9d1d0716300bd5e_ppc64le" }, "product_reference": "registry.redhat.io/odf4/cephcsi-rhel9@sha256:f608d0f360d923badd100732028f0ed8e4794d42db4406a8d9d1d0716300bd5e_ppc64le", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:120bb47fa2ba5dbfd9aa50dd12cb11476ab0e265a15bd0990b47594902781240_s390x as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-core-rhel9@sha256:120bb47fa2ba5dbfd9aa50dd12cb11476ab0e265a15bd0990b47594902781240_s390x" }, "product_reference": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:120bb47fa2ba5dbfd9aa50dd12cb11476ab0e265a15bd0990b47594902781240_s390x", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:145342094b8a2473ffc05f2f12db525712af6e6fcce7761a98c0e2ba5c79233f_amd64 as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 
4.17:registry.redhat.io/odf4/mcg-core-rhel9@sha256:145342094b8a2473ffc05f2f12db525712af6e6fcce7761a98c0e2ba5c79233f_amd64" }, "product_reference": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:145342094b8a2473ffc05f2f12db525712af6e6fcce7761a98c0e2ba5c79233f_amd64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:700c545f5a3b752d743d24dca36c9114161329ec3fc0ab4f2b87781870f2449a_ppc64le as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-core-rhel9@sha256:700c545f5a3b752d743d24dca36c9114161329ec3fc0ab4f2b87781870f2449a_ppc64le" }, "product_reference": "registry.redhat.io/odf4/mcg-core-rhel9@sha256:700c545f5a3b752d743d24dca36c9114161329ec3fc0ab4f2b87781870f2449a_ppc64le", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:ed9e6e1a9d9d1956e40374800afe592bb3f6e61a7edd16dea844624e869c2ba0_amd64 as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-operator-bundle@sha256:ed9e6e1a9d9d1956e40374800afe592bb3f6e61a7edd16dea844624e869c2ba0_amd64" }, "product_reference": "registry.redhat.io/odf4/mcg-operator-bundle@sha256:ed9e6e1a9d9d1956e40374800afe592bb3f6e61a7edd16dea844624e869c2ba0_amd64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:276de4f5443c73b4270b4e12dac977376e8ce66a8d560c270cd742c296fe3a39_s390x as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 
4.17:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:276de4f5443c73b4270b4e12dac977376e8ce66a8d560c270cd742c296fe3a39_s390x" }, "product_reference": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:276de4f5443c73b4270b4e12dac977376e8ce66a8d560c270cd742c296fe3a39_s390x", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:4cd4c22f6abb6da2eb0e927d9ab1ec76bc2300dd6af6c3afc2507d15e8c6ef2c_arm64 as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:4cd4c22f6abb6da2eb0e927d9ab1ec76bc2300dd6af6c3afc2507d15e8c6ef2c_arm64" }, "product_reference": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:4cd4c22f6abb6da2eb0e927d9ab1ec76bc2300dd6af6c3afc2507d15e8c6ef2c_arm64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:b993ba30c006766d1327e047d5744704421eb533dda807ca467091270088f0dc_amd64 as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:b993ba30c006766d1327e047d5744704421eb533dda807ca467091270088f0dc_amd64" }, "product_reference": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:b993ba30c006766d1327e047d5744704421eb533dda807ca467091270088f0dc_amd64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:f184cb84569eaef3ead4eefd9870e8c7b3d0ca216202b5993004399b84060603_ppc64le as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 
4.17:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:f184cb84569eaef3ead4eefd9870e8c7b3d0ca216202b5993004399b84060603_ppc64le" }, "product_reference": "registry.redhat.io/odf4/mcg-rhel9-operator@sha256:f184cb84569eaef3ead4eefd9870e8c7b3d0ca216202b5993004399b84060603_ppc64le", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:51f391c97cc38e78f1eb0efad0d33bee47975acacedf8861832743bc25d5489d_s390x as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:51f391c97cc38e78f1eb0efad0d33bee47975acacedf8861832743bc25d5489d_s390x" }, "product_reference": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:51f391c97cc38e78f1eb0efad0d33bee47975acacedf8861832743bc25d5489d_s390x", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:b17fa8546693526a09e9098ee2929cdf01dc4c070618ae4301b1b6cd4eae488d_ppc64le as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:b17fa8546693526a09e9098ee2929cdf01dc4c070618ae4301b1b6cd4eae488d_ppc64le" }, "product_reference": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:b17fa8546693526a09e9098ee2929cdf01dc4c070618ae4301b1b6cd4eae488d_ppc64le", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:c5eee39bf3802d1dcf532ddd9e3593b2ca1d9e806d5967b824f352616a72ebcf_amd64 as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data 
Foundation 4.17:registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:c5eee39bf3802d1dcf532ddd9e3593b2ca1d9e806d5967b824f352616a72ebcf_amd64" }, "product_reference": "registry.redhat.io/odf4/ocs-client-console-rhel9@sha256:c5eee39bf3802d1dcf532ddd9e3593b2ca1d9e806d5967b824f352616a72ebcf_amd64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:7ee82c9cc77e4300268381d7d8a00c343dd26ef1db3dca20683af4054d8d7663_amd64 as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:7ee82c9cc77e4300268381d7d8a00c343dd26ef1db3dca20683af4054d8d7663_amd64" }, "product_reference": "registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:7ee82c9cc77e4300268381d7d8a00c343dd26ef1db3dca20683af4054d8d7663_amd64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2a51c331324fe00f1c92cf9bfc9f12e4ea29b34a7105e5503aa05c223e830d51_ppc64le as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2a51c331324fe00f1c92cf9bfc9f12e4ea29b34a7105e5503aa05c223e830d51_ppc64le" }, "product_reference": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2a51c331324fe00f1c92cf9bfc9f12e4ea29b34a7105e5503aa05c223e830d51_ppc64le", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2c433aeff6412b71bf40913a4eb2fe49a956d37cb027168f8e17d7c18b67cdf4_arm64 as a component of Red Hat Openshift Data Foundation 4.17", "product_id": 
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2c433aeff6412b71bf40913a4eb2fe49a956d37cb027168f8e17d7c18b67cdf4_arm64" }, "product_reference": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:2c433aeff6412b71bf40913a4eb2fe49a956d37cb027168f8e17d7c18b67cdf4_arm64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3da88817c32a6a141182164a6722bddbab9ef9e5d8521f0e714ea526a603b92e_amd64 as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3da88817c32a6a141182164a6722bddbab9ef9e5d8521f0e714ea526a603b92e_amd64" }, "product_reference": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:3da88817c32a6a141182164a6722bddbab9ef9e5d8521f0e714ea526a603b92e_amd64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:413df635042b749eb2fec245263a8f8d96751c4c4f6688f45811e3ce47b2c7b2_s390x as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:413df635042b749eb2fec245263a8f8d96751c4c4f6688f45811e3ce47b2c7b2_s390x" }, "product_reference": "registry.redhat.io/odf4/ocs-client-rhel9-operator@sha256:413df635042b749eb2fec245263a8f8d96751c4c4f6688f45811e3ce47b2c7b2_s390x", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:07ea84cc031e1c88b026fea1dc1a3f4bdc695a828aa56f3fdd896b09de6b8778_s390x as a component of Red Hat Openshift Data Foundation 4.17", 
"product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:07ea84cc031e1c88b026fea1dc1a3f4bdc695a828aa56f3fdd896b09de6b8778_s390x" }, "product_reference": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:07ea84cc031e1c88b026fea1dc1a3f4bdc695a828aa56f3fdd896b09de6b8778_s390x", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:dc6d08b94339b42efac1dc17e52c483084d59982d3c20a097992823eddd8bed0_ppc64le as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:dc6d08b94339b42efac1dc17e52c483084d59982d3c20a097992823eddd8bed0_ppc64le" }, "product_reference": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:dc6d08b94339b42efac1dc17e52c483084d59982d3c20a097992823eddd8bed0_ppc64le", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:f8c160c6dbf37d223a567a4407abe2678dfd765968a1b5d56f9905682948a4f9_amd64 as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:f8c160c6dbf37d223a567a4407abe2678dfd765968a1b5d56f9905682948a4f9_amd64" }, "product_reference": "registry.redhat.io/odf4/ocs-metrics-exporter-rhel9@sha256:f8c160c6dbf37d223a567a4407abe2678dfd765968a1b5d56f9905682948a4f9_amd64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:dd16c429b2f98f03cf4287beafe1525a72286f17cb0818fb084e46d24f128976_amd64 as a component of Red Hat Openshift 
Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-operator-bundle@sha256:dd16c429b2f98f03cf4287beafe1525a72286f17cb0818fb084e46d24f128976_amd64" }, "product_reference": "registry.redhat.io/odf4/ocs-operator-bundle@sha256:dd16c429b2f98f03cf4287beafe1525a72286f17cb0818fb084e46d24f128976_amd64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:15e394a4e1ee534d3490ffaa4c43c341a5ea5502c2dd962982edc8a587caae90_arm64 as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:15e394a4e1ee534d3490ffaa4c43c341a5ea5502c2dd962982edc8a587caae90_arm64" }, "product_reference": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:15e394a4e1ee534d3490ffaa4c43c341a5ea5502c2dd962982edc8a587caae90_arm64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:4bed8c3b330b54f88f72815fd0034e1907ded310e3d67d90942a378df6fe7545_amd64 as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:4bed8c3b330b54f88f72815fd0034e1907ded310e3d67d90942a378df6fe7545_amd64" }, "product_reference": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:4bed8c3b330b54f88f72815fd0034e1907ded310e3d67d90942a378df6fe7545_amd64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ab4b3e0943cced9b2bffb25efdfd2b52cbb02ecdb4ccde4e1ffb9f0f79db655e_s390x as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat 
Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ab4b3e0943cced9b2bffb25efdfd2b52cbb02ecdb4ccde4e1ffb9f0f79db655e_s390x" }, "product_reference": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:ab4b3e0943cced9b2bffb25efdfd2b52cbb02ecdb4ccde4e1ffb9f0f79db655e_s390x", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b0e3cb4bd4e0ca0c662fea801811d88628261bac514efaee5b64e2e9b50db091_ppc64le as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b0e3cb4bd4e0ca0c662fea801811d88628261bac514efaee5b64e2e9b50db091_ppc64le" }, "product_reference": "registry.redhat.io/odf4/ocs-rhel9-operator@sha256:b0e3cb4bd4e0ca0c662fea801811d88628261bac514efaee5b64e2e9b50db091_ppc64le", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:04945e930df1dc3cb5f81d3fe19690b856b2f99ccdfd5286ecb862c63867dbfc_arm64 as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-cli-rhel9@sha256:04945e930df1dc3cb5f81d3fe19690b856b2f99ccdfd5286ecb862c63867dbfc_arm64" }, "product_reference": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:04945e930df1dc3cb5f81d3fe19690b856b2f99ccdfd5286ecb862c63867dbfc_arm64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:8daaf1ee358b64089c9e004807e3e23b694d7e6cb39e71fab41c42ab6f69facc_s390x as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 
4.17:registry.redhat.io/odf4/odf-cli-rhel9@sha256:8daaf1ee358b64089c9e004807e3e23b694d7e6cb39e71fab41c42ab6f69facc_s390x" }, "product_reference": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:8daaf1ee358b64089c9e004807e3e23b694d7e6cb39e71fab41c42ab6f69facc_s390x", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:9cb6a0474e2a6928e00d5087f6117f35d8f9f6c3f8b47b8884ffc3a454d542fb_amd64 as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-cli-rhel9@sha256:9cb6a0474e2a6928e00d5087f6117f35d8f9f6c3f8b47b8884ffc3a454d542fb_amd64" }, "product_reference": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:9cb6a0474e2a6928e00d5087f6117f35d8f9f6c3f8b47b8884ffc3a454d542fb_amd64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:a0be73cb08e97006b9a930a55a8453ae3fea7870afe4c04828d7e2ee0866a895_ppc64le as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-cli-rhel9@sha256:a0be73cb08e97006b9a930a55a8453ae3fea7870afe4c04828d7e2ee0866a895_ppc64le" }, "product_reference": "registry.redhat.io/odf4/odf-cli-rhel9@sha256:a0be73cb08e97006b9a930a55a8453ae3fea7870afe4c04828d7e2ee0866a895_ppc64le", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:225562443f620f38f1b37810ab96031f4f2db6fef70e0db4e0074b5d19a986b7_s390x as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 
4.17:registry.redhat.io/odf4/odf-console-rhel9@sha256:225562443f620f38f1b37810ab96031f4f2db6fef70e0db4e0074b5d19a986b7_s390x" }, "product_reference": "registry.redhat.io/odf4/odf-console-rhel9@sha256:225562443f620f38f1b37810ab96031f4f2db6fef70e0db4e0074b5d19a986b7_s390x", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:4596bafe33260957505da3ef7ecdf8913d0ddcde8051d37a752070a2833dddfa_amd64 as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-console-rhel9@sha256:4596bafe33260957505da3ef7ecdf8913d0ddcde8051d37a752070a2833dddfa_amd64" }, "product_reference": "registry.redhat.io/odf4/odf-console-rhel9@sha256:4596bafe33260957505da3ef7ecdf8913d0ddcde8051d37a752070a2833dddfa_amd64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odf-console-rhel9@sha256:b99688625ddc898075e3d8b103349292e0219575b38ac0e8954d6532f0c71fb4_ppc64le as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-console-rhel9@sha256:b99688625ddc898075e3d8b103349292e0219575b38ac0e8954d6532f0c71fb4_ppc64le" }, "product_reference": "registry.redhat.io/odf4/odf-console-rhel9@sha256:b99688625ddc898075e3d8b103349292e0219575b38ac0e8954d6532f0c71fb4_ppc64le", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:17a18b54ddf1e8d3904ab4ed8525e0b16933905f640665877fafdb93c18867c3_ppc64le as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 
4.17:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:17a18b54ddf1e8d3904ab4ed8525e0b16933905f640665877fafdb93c18867c3_ppc64le" }, "product_reference": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:17a18b54ddf1e8d3904ab4ed8525e0b16933905f640665877fafdb93c18867c3_ppc64le", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:a9ceb99a6aa92164e43fddf5cdae8f6e4af9ad0fab22da80cecb1d779fd4e661_amd64 as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:a9ceb99a6aa92164e43fddf5cdae8f6e4af9ad0fab22da80cecb1d779fd4e661_amd64" }, "product_reference": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:a9ceb99a6aa92164e43fddf5cdae8f6e4af9ad0fab22da80cecb1d779fd4e661_amd64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:e669c86fd65a6174e7f354366984a67f8ce86cd16983a96418c685bfc1be65f7_s390x as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:e669c86fd65a6174e7f354366984a67f8ce86cd16983a96418c685bfc1be65f7_s390x" }, "product_reference": "registry.redhat.io/odf4/odf-cosi-sidecar-rhel9@sha256:e669c86fd65a6174e7f354366984a67f8ce86cd16983a96418c685bfc1be65f7_s390x", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:636801e3669e8438c7ad105a72da20dc8749fa261ffe6d9d5b4a822e37a328cb_amd64 as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 
4.17:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:636801e3669e8438c7ad105a72da20dc8749fa261ffe6d9d5b4a822e37a328cb_amd64" }, "product_reference": "registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:636801e3669e8438c7ad105a72da20dc8749fa261ffe6d9d5b4a822e37a328cb_amd64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:0c7b3db4adfc5d103902192c8c1c50a3d924f8030f2b5acc931dd097f801a928_arm64 as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:0c7b3db4adfc5d103902192c8c1c50a3d924f8030f2b5acc931dd097f801a928_arm64" }, "product_reference": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:0c7b3db4adfc5d103902192c8c1c50a3d924f8030f2b5acc931dd097f801a928_arm64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:67d6c7668f1713acfedac8dec6a762d1beac329ca93828d3a5212c0a0da3614d_ppc64le as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:67d6c7668f1713acfedac8dec6a762d1beac329ca93828d3a5212c0a0da3614d_ppc64le" }, "product_reference": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:67d6c7668f1713acfedac8dec6a762d1beac329ca93828d3a5212c0a0da3614d_ppc64le", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b10ad3969ca5eabc194c50ccc9b6038f73c29c3be45e6b81ceaa69e772a1b8f9_s390x as a component of Red Hat Openshift Data 
Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b10ad3969ca5eabc194c50ccc9b6038f73c29c3be45e6b81ceaa69e772a1b8f9_s390x" }, "product_reference": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:b10ad3969ca5eabc194c50ccc9b6038f73c29c3be45e6b81ceaa69e772a1b8f9_s390x", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:cdbec30ff2e46e7e20cd5318226a32ec94457bc652c0a8b315eb90db91d5d89a_amd64 as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:cdbec30ff2e46e7e20cd5318226a32ec94457bc652c0a8b315eb90db91d5d89a_amd64" }, "product_reference": "registry.redhat.io/odf4/odf-csi-addons-rhel9-operator@sha256:cdbec30ff2e46e7e20cd5318226a32ec94457bc652c0a8b315eb90db91d5d89a_amd64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:8dc9931fe60832a46080479e902af6c674f6793f922dfa2e58ed9eb8110cc716_s390x as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:8dc9931fe60832a46080479e902af6c674f6793f922dfa2e58ed9eb8110cc716_s390x" }, "product_reference": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:8dc9931fe60832a46080479e902af6c674f6793f922dfa2e58ed9eb8110cc716_s390x", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": 
"registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:94a096f682d80a1e632749d0a901adfe5ad62a63034c9d537f1ac3702691dca1_arm64 as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:94a096f682d80a1e632749d0a901adfe5ad62a63034c9d537f1ac3702691dca1_arm64" }, "product_reference": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:94a096f682d80a1e632749d0a901adfe5ad62a63034c9d537f1ac3702691dca1_arm64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e8984ec310ccb865a641439bbc370c4c225baaef63567ba3199ada3375827683_ppc64le as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e8984ec310ccb865a641439bbc370c4c225baaef63567ba3199ada3375827683_ppc64le" }, "product_reference": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:e8984ec310ccb865a641439bbc370c4c225baaef63567ba3199ada3375827683_ppc64le", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ec5466223d6d8ad0fadf57643ad425d88982dfd89577bed1039cace91c2574ce_amd64 as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ec5466223d6d8ad0fadf57643ad425d88982dfd89577bed1039cace91c2574ce_amd64" }, "product_reference": "registry.redhat.io/odf4/odf-csi-addons-sidecar-rhel9@sha256:ec5466223d6d8ad0fadf57643ad425d88982dfd89577bed1039cace91c2574ce_amd64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": 
"default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:72c50f22befa94706806b2837e94d99a1b3f73c3fe3fca7522c9cb6d753347bd_ppc64le as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:72c50f22befa94706806b2837e94d99a1b3f73c3fe3fca7522c9cb6d753347bd_ppc64le" }, "product_reference": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:72c50f22befa94706806b2837e94d99a1b3f73c3fe3fca7522c9cb6d753347bd_ppc64le", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:8f5117f7507fce0469134864b92b3bdcc706d5a0254258aa74c5c46f6fa17d6a_amd64 as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:8f5117f7507fce0469134864b92b3bdcc706d5a0254258aa74c5c46f6fa17d6a_amd64" }, "product_reference": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:8f5117f7507fce0469134864b92b3bdcc706d5a0254258aa74c5c46f6fa17d6a_amd64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:a010eedfec7d31c06ace549edbfe721b6bffd982ccea76db4ceed25bd8710c01_s390x as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:a010eedfec7d31c06ace549edbfe721b6bffd982ccea76db4ceed25bd8710c01_s390x" }, "product_reference": "registry.redhat.io/odf4/odf-multicluster-console-rhel9@sha256:a010eedfec7d31c06ace549edbfe721b6bffd982ccea76db4ceed25bd8710c01_s390x", 
"relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:35fce23a6504732ffc4f0be72ba3146ffa87f38837c682cb906ae226e4f1b8c1_amd64 as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:35fce23a6504732ffc4f0be72ba3146ffa87f38837c682cb906ae226e4f1b8c1_amd64" }, "product_reference": "registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:35fce23a6504732ffc4f0be72ba3146ffa87f38837c682cb906ae226e4f1b8c1_amd64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:334305472bc1f5b9e1746910ebcf20020bfa72890f9a620321b1ceee60bbe83c_arm64 as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:334305472bc1f5b9e1746910ebcf20020bfa72890f9a620321b1ceee60bbe83c_arm64" }, "product_reference": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:334305472bc1f5b9e1746910ebcf20020bfa72890f9a620321b1ceee60bbe83c_arm64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:b92131e6c10117add96b8dd27371da03c1309ec0eb02051c65bb79bb30e765b1_amd64 as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:b92131e6c10117add96b8dd27371da03c1309ec0eb02051c65bb79bb30e765b1_amd64" }, "product_reference": 
"registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:b92131e6c10117add96b8dd27371da03c1309ec0eb02051c65bb79bb30e765b1_amd64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:c4d3de06cb5b0cf7aca1ef75df713f2ce26db27903e71aad3a467075b02a6502_s390x as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:c4d3de06cb5b0cf7aca1ef75df713f2ce26db27903e71aad3a467075b02a6502_s390x" }, "product_reference": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:c4d3de06cb5b0cf7aca1ef75df713f2ce26db27903e71aad3a467075b02a6502_s390x", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:fbe7f6713f972f9fc7d63012ac28b62266543efd62ac5656935102a71bf1eda9_ppc64le as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:fbe7f6713f972f9fc7d63012ac28b62266543efd62ac5656935102a71bf1eda9_ppc64le" }, "product_reference": "registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:fbe7f6713f972f9fc7d63012ac28b62266543efd62ac5656935102a71bf1eda9_ppc64le", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:03ecff3c25f59dd20a5929bf33ccd0a1b2f1866957f2a2d4d1a43cc75f70e8d4_amd64 as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 
4.17:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:03ecff3c25f59dd20a5929bf33ccd0a1b2f1866957f2a2d4d1a43cc75f70e8d4_amd64" }, "product_reference": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:03ecff3c25f59dd20a5929bf33ccd0a1b2f1866957f2a2d4d1a43cc75f70e8d4_amd64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:7fdfc833b0eca7331357cfee5c3bb4b727a636ccafab49f36a8a02093ee01905_arm64 as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:7fdfc833b0eca7331357cfee5c3bb4b727a636ccafab49f36a8a02093ee01905_arm64" }, "product_reference": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:7fdfc833b0eca7331357cfee5c3bb4b727a636ccafab49f36a8a02093ee01905_arm64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:aab015a3c526df1f791008765f50be2754f3d66bd8dc43b236b9c06b127a540b_ppc64le as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:aab015a3c526df1f791008765f50be2754f3d66bd8dc43b236b9c06b127a540b_ppc64le" }, "product_reference": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:aab015a3c526df1f791008765f50be2754f3d66bd8dc43b236b9c06b127a540b_ppc64le", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:d344d74919028237674323d4e1efcfd9c6d32f5e4fc9b8a9949ab60a54b04e4a_s390x as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 
4.17:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:d344d74919028237674323d4e1efcfd9c6d32f5e4fc9b8a9949ab60a54b04e4a_s390x" }, "product_reference": "registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:d344d74919028237674323d4e1efcfd9c6d32f5e4fc9b8a9949ab60a54b04e4a_s390x", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odf-operator-bundle@sha256:aaf2249eb71b7fb9937599aefe8f19bb46e768759a275a50a41426a27aebeba2_amd64 as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-operator-bundle@sha256:aaf2249eb71b7fb9937599aefe8f19bb46e768759a275a50a41426a27aebeba2_amd64" }, "product_reference": "registry.redhat.io/odf4/odf-operator-bundle@sha256:aaf2249eb71b7fb9937599aefe8f19bb46e768759a275a50a41426a27aebeba2_amd64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:ac40d8b92a95fd0c54632350ff2191b62e5340830d46391c97b6a770813e62c9_amd64 as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:ac40d8b92a95fd0c54632350ff2191b62e5340830d46391c97b6a770813e62c9_amd64" }, "product_reference": "registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:ac40d8b92a95fd0c54632350ff2191b62e5340830d46391c97b6a770813e62c9_amd64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:330c767a920c005e4d01f58342025d6f7c25710f97cd208d85ec92c2219afa8e_s390x as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 
4.17:registry.redhat.io/odf4/odf-rhel9-operator@sha256:330c767a920c005e4d01f58342025d6f7c25710f97cd208d85ec92c2219afa8e_s390x" }, "product_reference": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:330c767a920c005e4d01f58342025d6f7c25710f97cd208d85ec92c2219afa8e_s390x", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:6b4cbf4c9117e72fba22ed738b6b181fd2dbb7777772decbcdbf97ba9ad8e6e2_ppc64le as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-rhel9-operator@sha256:6b4cbf4c9117e72fba22ed738b6b181fd2dbb7777772decbcdbf97ba9ad8e6e2_ppc64le" }, "product_reference": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:6b4cbf4c9117e72fba22ed738b6b181fd2dbb7777772decbcdbf97ba9ad8e6e2_ppc64le", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:6e44e981f8d55c78304e04d712c770f9f69f72fae04475354e29a58d4ecb9f4b_arm64 as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-rhel9-operator@sha256:6e44e981f8d55c78304e04d712c770f9f69f72fae04475354e29a58d4ecb9f4b_arm64" }, "product_reference": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:6e44e981f8d55c78304e04d712c770f9f69f72fae04475354e29a58d4ecb9f4b_arm64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:df679427bbad444516ae929f87b958ed5b72649204044d3e4b809247ae2c0ba4_amd64 as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 
4.17:registry.redhat.io/odf4/odf-rhel9-operator@sha256:df679427bbad444516ae929f87b958ed5b72649204044d3e4b809247ae2c0ba4_amd64" }, "product_reference": "registry.redhat.io/odf4/odf-rhel9-operator@sha256:df679427bbad444516ae929f87b958ed5b72649204044d3e4b809247ae2c0ba4_amd64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:9731cb757024aee7fdf051bbe54bd5cfdcd82a330bad93f0e78c47a7ada21973_amd64 as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:9731cb757024aee7fdf051bbe54bd5cfdcd82a330bad93f0e78c47a7ada21973_amd64" }, "product_reference": "registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:9731cb757024aee7fdf051bbe54bd5cfdcd82a330bad93f0e78c47a7ada21973_amd64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:48fd2526f913f666384c08a862760736ddbf902d03161406ba9c6357467c4b12_amd64 as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:48fd2526f913f666384c08a862760736ddbf902d03161406ba9c6357467c4b12_amd64" }, "product_reference": "registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:48fd2526f913f666384c08a862760736ddbf902d03161406ba9c6357467c4b12_amd64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:483ba4458ee50ce3634371565be8f1092c2a41c5b2f75c483ec779c40e4a83d7_amd64 as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 
4.17:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:483ba4458ee50ce3634371565be8f1092c2a41c5b2f75c483ec779c40e4a83d7_amd64" }, "product_reference": "registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:483ba4458ee50ce3634371565be8f1092c2a41c5b2f75c483ec779c40e4a83d7_amd64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:86695b6398cc7ee013b2e6b31a1f6fc1bab3bbd5686572e51b8beaf535dd8218_amd64 as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-rhel9-operator@sha256:86695b6398cc7ee013b2e6b31a1f6fc1bab3bbd5686572e51b8beaf535dd8218_amd64" }, "product_reference": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:86695b6398cc7ee013b2e6b31a1f6fc1bab3bbd5686572e51b8beaf535dd8218_amd64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:dc93c7e31c0ca3d94904d7744f0a892a30d1023b85f2caeb22a957395d6b740e_s390x as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-rhel9-operator@sha256:dc93c7e31c0ca3d94904d7744f0a892a30d1023b85f2caeb22a957395d6b740e_s390x" }, "product_reference": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:dc93c7e31c0ca3d94904d7744f0a892a30d1023b85f2caeb22a957395d6b740e_s390x", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:ec92bd14fcbb50bdf7373f053a28efcc67ce44e7591869c5514772470041621e_ppc64le as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 
4.17:registry.redhat.io/odf4/odr-rhel9-operator@sha256:ec92bd14fcbb50bdf7373f053a28efcc67ce44e7591869c5514772470041621e_ppc64le" }, "product_reference": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:ec92bd14fcbb50bdf7373f053a28efcc67ce44e7591869c5514772470041621e_ppc64le", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:f475aa1657682054fb7a4ed4fbd089fea1afda6b308b49ee74541678db151012_arm64 as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-rhel9-operator@sha256:f475aa1657682054fb7a4ed4fbd089fea1afda6b308b49ee74541678db151012_arm64" }, "product_reference": "registry.redhat.io/odf4/odr-rhel9-operator@sha256:f475aa1657682054fb7a4ed4fbd089fea1afda6b308b49ee74541678db151012_arm64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:f1a82c96ba59b07f45cccc96446884c99827b770c826db2be5feab65090a0f20_amd64 as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:f1a82c96ba59b07f45cccc96446884c99827b770c826db2be5feab65090a0f20_amd64" }, "product_reference": "registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:f1a82c96ba59b07f45cccc96446884c99827b770c826db2be5feab65090a0f20_amd64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2f852f91f4f5b8e78ca12240e2bb5ae1afa73bf8c6bfa0c1722fc997d877a587_ppc64le as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 
4.17:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2f852f91f4f5b8e78ca12240e2bb5ae1afa73bf8c6bfa0c1722fc997d877a587_ppc64le" }, "product_reference": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2f852f91f4f5b8e78ca12240e2bb5ae1afa73bf8c6bfa0c1722fc997d877a587_ppc64le", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:b0258e55e30f1b93b173ed5e87f0ce829615ca18583029f0e0fd5dad0c247e35_s390x as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:b0258e55e30f1b93b173ed5e87f0ce829615ca18583029f0e0fd5dad0c247e35_s390x" }, "product_reference": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:b0258e55e30f1b93b173ed5e87f0ce829615ca18583029f0e0fd5dad0c247e35_s390x", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" }, { "category": "default_component_of", "full_product_name": { "name": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bb775582f10a22feffcb1e5713d5d28795406eec7a4a5a59e2b94653a3149224_amd64 as a component of Red Hat Openshift Data Foundation 4.17", "product_id": "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bb775582f10a22feffcb1e5713d5d28795406eec7a4a5a59e2b94653a3149224_amd64" }, "product_reference": "registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bb775582f10a22feffcb1e5713d5d28795406eec7a4a5a59e2b94653a3149224_amd64", "relates_to_product_reference": "Red Hat Openshift Data Foundation 4.17" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-22150", "cwe": { "id": "CWE-330", "name": "Use of Insufficiently Random Values" }, "discovery_date": "2025-01-21T18:01:24.182126+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "Red Hat Openshift Data Foundation 
4.17:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:218873830ae5140be10349b08bca288a66cd837d83c1c4eb7026cf2f81dea62a_amd64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-operator-bundle@sha256:ed9e6e1a9d9d1956e40374800afe592bb3f6e61a7edd16dea844624e869c2ba0_amd64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:7ee82c9cc77e4300268381d7d8a00c343dd26ef1db3dca20683af4054d8d7663_amd64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-operator-bundle@sha256:dd16c429b2f98f03cf4287beafe1525a72286f17cb0818fb084e46d24f128976_amd64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:636801e3669e8438c7ad105a72da20dc8749fa261ffe6d9d5b4a822e37a328cb_amd64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:35fce23a6504732ffc4f0be72ba3146ffa87f38837c682cb906ae226e4f1b8c1_amd64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-operator-bundle@sha256:aaf2249eb71b7fb9937599aefe8f19bb46e768759a275a50a41426a27aebeba2_amd64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:ac40d8b92a95fd0c54632350ff2191b62e5340830d46391c97b6a770813e62c9_amd64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:9731cb757024aee7fdf051bbe54bd5cfdcd82a330bad93f0e78c47a7ada21973_amd64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:48fd2526f913f666384c08a862760736ddbf902d03161406ba9c6357467c4b12_amd64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:483ba4458ee50ce3634371565be8f1092c2a41c5b2f75c483ec779c40e4a83d7_amd64", "Red Hat Openshift Data Foundation 
4.17:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:f1a82c96ba59b07f45cccc96446884c99827b770c826db2be5feab65090a0f20_amd64" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2339176" } ], "notes": [ { "category": "description", "text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.", "title": "Vulnerability description" }, { "category": "summary", "text": "undici: Undici Uses Insufficiently Random Values", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:0ff71082f0e46ec806cef8dcbef750e02a8b6bce3193b987207ab242e2132178_ppc64le", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:16f2b6bb122078ab5f39e99a6ed046d16f570b813e25fe038d121341541e8e3b_s390x", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:8308ddca0ae68f5d26002ce7da0c8a07c5967e03f9e953f9e20015d31fe27b2c_arm64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:9d814cd9d871c4d4388ff9a770ccf65c1e2c0b84a9834f41ed30c17088d6026c_amd64", "Red Hat Openshift Data Foundation 
4.17:registry.redhat.io/odf4/odr-rhel9-operator@sha256:ec92bd14fcbb50bdf7373f053a28efcc67ce44e7591869c5514772470041621e_ppc64le", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-rhel9-operator@sha256:f475aa1657682054fb7a4ed4fbd089fea1afda6b308b49ee74541678db151012_arm64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2f852f91f4f5b8e78ca12240e2bb5ae1afa73bf8c6bfa0c1722fc997d877a587_ppc64le", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:b0258e55e30f1b93b173ed5e87f0ce829615ca18583029f0e0fd5dad0c247e35_s390x", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bb775582f10a22feffcb1e5713d5d28795406eec7a4a5a59e2b94653a3149224_amd64" ], "known_not_affected": [ "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:218873830ae5140be10349b08bca288a66cd837d83c1c4eb7026cf2f81dea62a_amd64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-operator-bundle@sha256:ed9e6e1a9d9d1956e40374800afe592bb3f6e61a7edd16dea844624e869c2ba0_amd64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-client-operator-bundle@sha256:7ee82c9cc77e4300268381d7d8a00c343dd26ef1db3dca20683af4054d8d7663_amd64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/ocs-operator-bundle@sha256:dd16c429b2f98f03cf4287beafe1525a72286f17cb0818fb084e46d24f128976_amd64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-csi-addons-operator-bundle@sha256:636801e3669e8438c7ad105a72da20dc8749fa261ffe6d9d5b4a822e37a328cb_amd64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-operator-bundle@sha256:35fce23a6504732ffc4f0be72ba3146ffa87f38837c682cb906ae226e4f1b8c1_amd64", "Red Hat Openshift Data Foundation 
4.17:registry.redhat.io/odf4/odf-operator-bundle@sha256:aaf2249eb71b7fb9937599aefe8f19bb46e768759a275a50a41426a27aebeba2_amd64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:ac40d8b92a95fd0c54632350ff2191b62e5340830d46391c97b6a770813e62c9_amd64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:9731cb757024aee7fdf051bbe54bd5cfdcd82a330bad93f0e78c47a7ada21973_amd64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:48fd2526f913f666384c08a862760736ddbf902d03161406ba9c6357467c4b12_amd64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:483ba4458ee50ce3634371565be8f1092c2a41c5b2f75c483ec779c40e4a83d7_amd64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:f1a82c96ba59b07f45cccc96446884c99827b770c826db2be5feab65090a0f20_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2025-22150" }, { "category": "external", "summary": "RHBZ#2339176", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22150" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150" }, { "category": "external", "summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f", "url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f" }, { "category": "external", "summary": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113", "url": 
"https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113" }, { "category": "external", "summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0", "url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0" }, { "category": "external", "summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a", "url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a" }, { "category": "external", "summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385", "url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385" }, { "category": "external", "summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975", "url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975" }, { "category": "external", "summary": "https://hackerone.com/reports/2913312", "url": "https://hackerone.com/reports/2913312" } ], "release_date": "2025-01-21T17:46:58.872000+00:00", "remediations": [ { "category": "vendor_fix", "date": "2025-10-01T12:01:32+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://docs.redhat.com/en/documentation/red_hat_openshift_data_foundation/4.17/html/updating_openshift_data_foundation/updating-ocs-to-odf_rhodf", "product_ids": [ "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:0ff71082f0e46ec806cef8dcbef750e02a8b6bce3193b987207ab242e2132178_ppc64le", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:16f2b6bb122078ab5f39e99a6ed046d16f570b813e25fe038d121341541e8e3b_s390x", "Red Hat Openshift Data Foundation 
4.17:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:334305472bc1f5b9e1746910ebcf20020bfa72890f9a620321b1ceee60bbe83c_arm64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:b92131e6c10117add96b8dd27371da03c1309ec0eb02051c65bb79bb30e765b1_amd64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:c4d3de06cb5b0cf7aca1ef75df713f2ce26db27903e71aad3a467075b02a6502_s390x", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-multicluster-rhel9-operator@sha256:fbe7f6713f972f9fc7d63012ac28b62266543efd62ac5656935102a71bf1eda9_ppc64le", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:03ecff3c25f59dd20a5929bf33ccd0a1b2f1866957f2a2d4d1a43cc75f70e8d4_amd64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:7fdfc833b0eca7331357cfee5c3bb4b727a636ccafab49f36a8a02093ee01905_arm64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:aab015a3c526df1f791008765f50be2754f3d66bd8dc43b236b9c06b127a540b_ppc64le", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:d344d74919028237674323d4e1efcfd9c6d32f5e4fc9b8a9949ab60a54b04e4a_s390x", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-rhel9-operator@sha256:330c767a920c005e4d01f58342025d6f7c25710f97cd208d85ec92c2219afa8e_s390x", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-rhel9-operator@sha256:6b4cbf4c9117e72fba22ed738b6b181fd2dbb7777772decbcdbf97ba9ad8e6e2_ppc64le", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-rhel9-operator@sha256:6e44e981f8d55c78304e04d712c770f9f69f72fae04475354e29a58d4ecb9f4b_arm64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-rhel9-operator@sha256:df679427bbad444516ae929f87b958ed5b72649204044d3e4b809247ae2c0ba4_amd64", "Red Hat 
Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-rhel9-operator@sha256:86695b6398cc7ee013b2e6b31a1f6fc1bab3bbd5686572e51b8beaf535dd8218_amd64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-rhel9-operator@sha256:dc93c7e31c0ca3d94904d7744f0a892a30d1023b85f2caeb22a957395d6b740e_s390x", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-rhel9-operator@sha256:ec92bd14fcbb50bdf7373f053a28efcc67ce44e7591869c5514772470041621e_ppc64le", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-rhel9-operator@sha256:f475aa1657682054fb7a4ed4fbd089fea1afda6b308b49ee74541678db151012_arm64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2f852f91f4f5b8e78ca12240e2bb5ae1afa73bf8c6bfa0c1722fc997d877a587_ppc64le", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:b0258e55e30f1b93b173ed5e87f0ce829615ca18583029f0e0fd5dad0c247e35_s390x", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bb775582f10a22feffcb1e5713d5d28795406eec7a4a5a59e2b94653a3149224_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2025:17145" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-operator-bundle@sha256:218873830ae5140be10349b08bca288a66cd837d83c1c4eb7026cf2f81dea62a_amd64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:0ff71082f0e46ec806cef8dcbef750e02a8b6bce3193b987207ab242e2132178_ppc64le", 
"Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:16f2b6bb122078ab5f39e99a6ed046d16f570b813e25fe038d121341541e8e3b_s390x", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:8308ddca0ae68f5d26002ce7da0c8a07c5967e03f9e953f9e20015d31fe27b2c_arm64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9-operator@sha256:9d814cd9d871c4d4388ff9a770ccf65c1e2c0b84a9834f41ed30c17088d6026c_amd64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9@sha256:07b1728430bba1d5972366e16a146cab125dbaf02bb59ce62193630aac925f7e_s390x", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9@sha256:c7838c0b696349f697f2c7a165667e09799ef620a7e712ab715c3af23a40bb1c_amd64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/cephcsi-rhel9@sha256:f608d0f360d923badd100732028f0ed8e4794d42db4406a8d9d1d0716300bd5e_ppc64le", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-core-rhel9@sha256:120bb47fa2ba5dbfd9aa50dd12cb11476ab0e265a15bd0990b47594902781240_s390x", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-core-rhel9@sha256:145342094b8a2473ffc05f2f12db525712af6e6fcce7761a98c0e2ba5c79233f_amd64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-core-rhel9@sha256:700c545f5a3b752d743d24dca36c9114161329ec3fc0ab4f2b87781870f2449a_ppc64le", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-operator-bundle@sha256:ed9e6e1a9d9d1956e40374800afe592bb3f6e61a7edd16dea844624e869c2ba0_amd64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:276de4f5443c73b4270b4e12dac977376e8ce66a8d560c270cd742c296fe3a39_s390x", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/mcg-rhel9-operator@sha256:4cd4c22f6abb6da2eb0e927d9ab1ec76bc2300dd6af6c3afc2507d15e8c6ef2c_arm64", "Red Hat Openshift Data Foundation 
4.17:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:7fdfc833b0eca7331357cfee5c3bb4b727a636ccafab49f36a8a02093ee01905_arm64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:aab015a3c526df1f791008765f50be2754f3d66bd8dc43b236b9c06b127a540b_ppc64le", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-must-gather-rhel9@sha256:d344d74919028237674323d4e1efcfd9c6d32f5e4fc9b8a9949ab60a54b04e4a_s390x", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-operator-bundle@sha256:aaf2249eb71b7fb9937599aefe8f19bb46e768759a275a50a41426a27aebeba2_amd64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-prometheus-operator-bundle@sha256:ac40d8b92a95fd0c54632350ff2191b62e5340830d46391c97b6a770813e62c9_amd64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-rhel9-operator@sha256:330c767a920c005e4d01f58342025d6f7c25710f97cd208d85ec92c2219afa8e_s390x", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-rhel9-operator@sha256:6b4cbf4c9117e72fba22ed738b6b181fd2dbb7777772decbcdbf97ba9ad8e6e2_ppc64le", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-rhel9-operator@sha256:6e44e981f8d55c78304e04d712c770f9f69f72fae04475354e29a58d4ecb9f4b_arm64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odf-rhel9-operator@sha256:df679427bbad444516ae929f87b958ed5b72649204044d3e4b809247ae2c0ba4_amd64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-cluster-operator-bundle@sha256:9731cb757024aee7fdf051bbe54bd5cfdcd82a330bad93f0e78c47a7ada21973_amd64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-hub-operator-bundle@sha256:48fd2526f913f666384c08a862760736ddbf902d03161406ba9c6357467c4b12_amd64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-recipe-operator-bundle@sha256:483ba4458ee50ce3634371565be8f1092c2a41c5b2f75c483ec779c40e4a83d7_amd64", "Red Hat Openshift Data 
Foundation 4.17:registry.redhat.io/odf4/odr-rhel9-operator@sha256:86695b6398cc7ee013b2e6b31a1f6fc1bab3bbd5686572e51b8beaf535dd8218_amd64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-rhel9-operator@sha256:dc93c7e31c0ca3d94904d7744f0a892a30d1023b85f2caeb22a957395d6b740e_s390x", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-rhel9-operator@sha256:ec92bd14fcbb50bdf7373f053a28efcc67ce44e7591869c5514772470041621e_ppc64le", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/odr-rhel9-operator@sha256:f475aa1657682054fb7a4ed4fbd089fea1afda6b308b49ee74541678db151012_arm64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/rook-ceph-operator-bundle@sha256:f1a82c96ba59b07f45cccc96446884c99827b770c826db2be5feab65090a0f20_amd64", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:2f852f91f4f5b8e78ca12240e2bb5ae1afa73bf8c6bfa0c1722fc997d877a587_ppc64le", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:b0258e55e30f1b93b173ed5e87f0ce829615ca18583029f0e0fd5dad0c247e35_s390x", "Red Hat Openshift Data Foundation 4.17:registry.redhat.io/odf4/rook-ceph-rhel9-operator@sha256:bb775582f10a22feffcb1e5713d5d28795406eec7a4a5a59e2b94653a3149224_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undici: Undici Uses Insufficiently Random Values" } ] }
CERTFR-2025-AVI-0214
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in IBM products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service, and a breach of data confidentiality.
Solutions
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Vendor | Product | Description
---|---|---
IBM | Cloud Pak System | Cloud Pak System versions earlier than v2.3.4.1 for Intel
IBM | Security QRadar EDR | Security QRadar EDR versions earlier than 3.12.16
IBM | Sterling | Sterling B2B Integrator versions 6.2.x earlier than 6.2.0.4
IBM | Cloud Pak System | Cloud Pak System versions earlier than v2.3.5.0 for Power
IBM | QRadar SIEM | QRadar SIEM versions 7.5.0 earlier than 7.5.0 UP11 IF03
IBM | Sterling | Sterling B2B Integrator versions earlier than 6.1.2.7
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Cloud Pak System versions ant\u00e9rieures \u00e0 v2.3.4.1 pour Intel", "product": { "name": "Cloud Pak System", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Security QRadar EDR versions ant\u00e9rieures \u00e0 3.12.16", "product": { "name": "Security QRadar EDR", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling B2B Integrator versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.4", "product": { "name": "Sterling", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Cloud Pak System versions ant\u00e9rieures \u00e0 v2.3.5.0 pour Power", "product": { "name": "Cloud Pak System", "vendor": { "name": "IBM", "scada": false } } }, { "description": "QRadar SIEM versions 7.5.0 ant\u00e9rieures \u00e0 7.5.0 UP11 IF03", "product": { "name": "QRadar SIEM", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling B2B Integrator versions ant\u00e9rieures \u00e0 6.1.2.7", "product": { "name": "Sterling", "vendor": { "name": "IBM", "scada": false } } } ], "affected_systems_content": "", "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. 
section Documentation).", "cves": [ { "name": "CVE-2023-7104", "url": "https://www.cve.org/CVERecord?id=CVE-2023-7104" }, { "name": "CVE-2022-48564", "url": "https://www.cve.org/CVERecord?id=CVE-2022-48564" }, { "name": "CVE-2023-40217", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40217" }, { "name": "CVE-2024-11187", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11187" }, { "name": "CVE-2022-46175", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46175" }, { "name": "CVE-2024-45638", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45638" }, { "name": "CVE-2023-46234", "url": "https://www.cve.org/CVERecord?id=CVE-2023-46234" }, { "name": "CVE-2021-32804", "url": "https://www.cve.org/CVERecord?id=CVE-2021-32804" }, { "name": "CVE-2022-45061", "url": "https://www.cve.org/CVERecord?id=CVE-2022-45061" }, { "name": "CVE-2023-36632", "url": "https://www.cve.org/CVERecord?id=CVE-2023-36632" }, { "name": "CVE-2025-24970", "url": "https://www.cve.org/CVERecord?id=CVE-2025-24970" }, { "name": "CVE-2023-32762", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32762" }, { "name": "CVE-2022-48565", "url": "https://www.cve.org/CVERecord?id=CVE-2022-48565" }, { "name": "CVE-2023-4807", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4807" }, { "name": "CVE-2025-22150", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22150" }, { "name": "CVE-2022-49043", "url": "https://www.cve.org/CVERecord?id=CVE-2022-49043" }, { "name": "CVE-2023-32763", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32763" }, { "name": "CVE-2022-24302", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24302" }, { "name": "CVE-2025-1244", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1244" }, { "name": "CVE-2023-27043", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27043" }, { "name": "CVE-2024-51744", "url": "https://www.cve.org/CVERecord?id=CVE-2024-51744" }, { "name": "CVE-2024-45338", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45338" }, { "name": "CVE-2023-48795", 
"url": "https://www.cve.org/CVERecord?id=CVE-2023-48795" }, { "name": "CVE-2022-48566", "url": "https://www.cve.org/CVERecord?id=CVE-2022-48566" }, { "name": "CVE-2024-21634", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21634" }, { "name": "CVE-2024-27306", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27306" }, { "name": "CVE-2024-45296", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296" }, { "name": "CVE-2019-12900", "url": "https://www.cve.org/CVERecord?id=CVE-2019-12900" }, { "name": "CVE-2021-32803", "url": "https://www.cve.org/CVERecord?id=CVE-2021-32803" }, { "name": "CVE-2024-52798", "url": "https://www.cve.org/CVERecord?id=CVE-2024-52798" }, { "name": "CVE-2024-27268", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27268" }, { "name": "CVE-2024-47535", "url": "https://www.cve.org/CVERecord?id=CVE-2024-47535" }, { "name": "CVE-2022-48560", "url": "https://www.cve.org/CVERecord?id=CVE-2022-48560" }, { "name": "CVE-2024-45643", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45643" }, { "name": "CVE-2023-32573", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32573" }, { "name": "CVE-2022-41854", "url": "https://www.cve.org/CVERecord?id=CVE-2022-41854" }, { "name": "CVE-2022-35737", "url": "https://www.cve.org/CVERecord?id=CVE-2022-35737" }, { "name": "CVE-2022-25857", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25857" }, { "name": "CVE-2025-25193", "url": "https://www.cve.org/CVERecord?id=CVE-2025-25193" }, { "name": "CVE-2022-38900", "url": "https://www.cve.org/CVERecord?id=CVE-2022-38900" }, { "name": "CVE-2024-53104", "url": "https://www.cve.org/CVERecord?id=CVE-2024-53104" }, { "name": "CVE-2023-24329", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24329" }, { "name": "CVE-2023-2976", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976" }, { "name": "CVE-2025-1094", "url": "https://www.cve.org/CVERecord?id=CVE-2025-1094" }, { "name": "CVE-2022-1471", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1471" }, { "name": 
"CVE-2024-0690", "url": "https://www.cve.org/CVERecord?id=CVE-2024-0690" }, { "name": "CVE-2022-1365", "url": "https://www.cve.org/CVERecord?id=CVE-2022-1365" }, { "name": "CVE-2020-11023", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023" }, { "name": "CVE-2022-4742", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4742" } ], "initial_release_date": "2025-03-14T00:00:00", "last_revision_date": "2025-03-14T00:00:00", "links": [], "reference": "CERTFR-2025-AVI-0214", "revisions": [ { "description": "Version initiale", "revision_date": "2025-03-14T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Injection de code indirecte \u00e0 distance (XSS)" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. 
Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM", "vendor_advisories": [ { "published_at": "2025-03-14", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7185937", "url": "https://www.ibm.com/support/pages/node/7185937" }, { "published_at": "2025-03-13", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7185675", "url": "https://www.ibm.com/support/pages/node/7185675" }, { "published_at": "2025-03-10", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7185257", "url": "https://www.ibm.com/support/pages/node/7185257" }, { "published_at": "2025-03-14", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7185938", "url": "https://www.ibm.com/support/pages/node/7185938" }, { "published_at": "2025-03-11", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7185353", "url": "https://www.ibm.com/support/pages/node/7185353" } ] }
CERTFR-2025-AVI-0724
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in IBM products. Some of them allow an attacker to cause remote arbitrary code execution, privilege escalation, and a remote denial of service.
Solutions
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Vendor | Product | Description
---|---|---
IBM | QRadar | QRadar Incident Forensics versions 7.5.x earlier than QIF 7.5.0 UP13 IF01
IBM | WebSphere Service Registry and Repository | WebSphere Service Registry and Repository versions 8.5 without the latest security fixes
IBM | Sterling B2B Integrator | Sterling B2B Integrator versions 6.x earlier than 6.2.1.1
IBM | QRadar | QRadar Data Synchronization App versions earlier than 3.2.2
IBM | QRadar Log Source Management App | QRadar Log Source Management App versions earlier than 7.0.12
IBM | Sterling File Gateway | Sterling File Gateway versions 6.x earlier than 6.2.1.1
IBM | QRadar SIEM | QRadar SIEM QRadar versions 7.5.x earlier than 7.5.0 UP13 IF01
IBM | QRadar | SOAR QRadar Plugin App versions earlier than 5.6.2
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "QRadar Incident Forensics versions 7.5.x ant\u00e9rieures \u00e0 QIF 7.5.0 UP13 IF01", "product": { "name": "QRadar", "vendor": { "name": "IBM", "scada": false } } }, { "description": "WebSphere Service Registry and Repository versions 8.5 sans les derniers correctifs de s\u00e9curit\u00e9", "product": { "name": "WebSphere Service Registry and Repository", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling B2B Integrator versions 6.x ant\u00e9rieures \u00e0 6.2.1.1", "product": { "name": "Sterling B2B Integrator", "vendor": { "name": "IBM", "scada": false } } }, { "description": "QRadar Data Synchronization App versions ant\u00e9rieures \u00e0 3.2.2", "product": { "name": "QRadar", "vendor": { "name": "IBM", "scada": false } } }, { "description": "QRadar Log Source Management App versions ant\u00e9rieures \u00e0 7.0.12", "product": { "name": "QRadar Log Source Management App", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling File Gateway versions 6.x ant\u00e9rieures \u00e0 6.2.1.1", "product": { "name": "Sterling File Gateway", "vendor": { "name": "IBM", "scada": false } } }, { "description": "QRadar SIEM QRadar versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP13 IF01", "product": { "name": "QRadar SIEM", "vendor": { "name": "IBM", "scada": false } } }, { "description": "SOAR QRadar Plugin App versions ant\u00e9rieures \u00e0 5.6.2", "product": { "name": "QRadar", "vendor": { "name": "IBM", "scada": false } } } ], "affected_systems_content": "", "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. 
section Documentation).", "cves": [ { "name": "CVE-2025-32996", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32996" }, { "name": "CVE-2025-36042", "url": "https://www.cve.org/CVERecord?id=CVE-2025-36042" }, { "name": "CVE-2025-27516", "url": "https://www.cve.org/CVERecord?id=CVE-2025-27516" }, { "name": "CVE-2025-48050", "url": "https://www.cve.org/CVERecord?id=CVE-2025-48050" }, { "name": "CVE-2025-22150", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22150" }, { "name": "CVE-2024-11831", "url": "https://www.cve.org/CVERecord?id=CVE-2024-11831" }, { "name": "CVE-2025-6545", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6545" }, { "name": "CVE-2025-50182", "url": "https://www.cve.org/CVERecord?id=CVE-2025-50182" }, { "name": "CVE-2025-50181", "url": "https://www.cve.org/CVERecord?id=CVE-2025-50181" }, { "name": "CVE-2025-7783", "url": "https://www.cve.org/CVERecord?id=CVE-2025-7783" }, { "name": "CVE-2018-14732", "url": "https://www.cve.org/CVERecord?id=CVE-2018-14732" }, { "name": "CVE-2025-23085", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23085" }, { "name": "CVE-2025-32997", "url": "https://www.cve.org/CVERecord?id=CVE-2025-32997" }, { "name": "CVE-2025-48976", "url": "https://www.cve.org/CVERecord?id=CVE-2025-48976" }, { "name": "CVE-2025-30360", "url": "https://www.cve.org/CVERecord?id=CVE-2025-30360" }, { "name": "CVE-2025-33120", "url": "https://www.cve.org/CVERecord?id=CVE-2025-33120" }, { "name": "CVE-2025-26791", "url": "https://www.cve.org/CVERecord?id=CVE-2025-26791" }, { "name": "CVE-2025-23184", "url": "https://www.cve.org/CVERecord?id=CVE-2025-23184" }, { "name": "CVE-2024-47081", "url": "https://www.cve.org/CVERecord?id=CVE-2024-47081" }, { "name": "CVE-2025-5889", "url": "https://www.cve.org/CVERecord?id=CVE-2025-5889" }, { "name": "CVE-2025-7339", "url": "https://www.cve.org/CVERecord?id=CVE-2025-7339" }, { "name": "CVE-2025-27789", "url": "https://www.cve.org/CVERecord?id=CVE-2025-27789" }, { "name": "CVE-2025-30359", "url": 
"https://www.cve.org/CVERecord?id=CVE-2025-30359" }, { "name": "CVE-2025-6547", "url": "https://www.cve.org/CVERecord?id=CVE-2025-6547" }, { "name": "CVE-2025-47273", "url": "https://www.cve.org/CVERecord?id=CVE-2025-47273" } ], "initial_release_date": "2025-08-22T00:00:00", "last_revision_date": "2025-08-22T00:00:00", "links": [], "reference": "CERTFR-2025-AVI-0724", "revisions": [ { "description": "Version initiale", "revision_date": "2025-08-22T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Injection de code indirecte \u00e0 distance (XSS)" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" }, { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. 
Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM", "vendor_advisories": [ { "published_at": "2025-08-15", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7242291", "url": "https://www.ibm.com/support/pages/node/7242291" }, { "published_at": "2025-08-15", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7242269", "url": "https://www.ibm.com/support/pages/node/7242269" }, { "published_at": "2025-08-15", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7242292", "url": "https://www.ibm.com/support/pages/node/7242292" }, { "published_at": "2025-08-14", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7242246", "url": "https://www.ibm.com/support/pages/node/7242246" }, { "published_at": "2025-08-21", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7242869", "url": "https://www.ibm.com/support/pages/node/7242869" }, { "published_at": "2025-08-20", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7242665", "url": "https://www.ibm.com/support/pages/node/7242665" } ] }
CERTFR-2025-AVI-0170
Vulnerability from certfr_avis
Multiple vulnerabilities have been discovered in IBM products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service, and a breach of data confidentiality.
Solutions
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
Vendor | Product | Description
---|---|---
IBM | Cognos Analytics | Cognos Analytics versions 11.2.x earlier than 12.2.4 IF4
IBM | QRadar | QRadar Data Synchronization versions earlier than 3.2.1
IBM | Sterling | Sterling Secure Proxy versions 6.1.x earlier than 6.1.0.1 iFix 02
IBM | WebSphere | WebSphere Application Server versions 9.0.x without the interim security fix PH16353 or earlier than 9.0.5.2
IBM | Sterling | Sterling External Authentication Server versions 6.1.x earlier than 6.1.0.2 iFix 02
IBM | Cognos Dashboards | Cognos Dashboards on Cloud Pak for Data versions 4.x without the latest security fix
IBM | Cognos Analytics | Cognos Analytics versions 12.0.x earlier than 12.0.4 IF2
IBM | Sterling | Sterling External Authentication Server versions 6.0.x earlier than 6.0.3.1 iFix 02
IBM | Sterling | Sterling Secure Proxy versions 6.2.x earlier than 6.2.0.1 iFix 01
IBM | Cognos Dashboards | Cognos Dashboards on Cloud Pak for Data versions 5.x earlier than 5.1
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 12.2.4 IF4", "product": { "name": "Cognos Analytics", "vendor": { "name": "IBM", "scada": false } } }, { "description": "QRadar Data Synchronization versions ant\u00e9rieures \u00e0 3.2.1", "product": { "name": "QRadar", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling Secure Proxy versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.1 iFix 02", "product": { "name": "Sterling", "vendor": { "name": "IBM", "scada": false } } }, { "description": "WebSphere Application Server versions 9.0.x sans le correctif de s\u00e9curit\u00e9 temporaire PH16353 ou ant\u00e9rieures \u00e0 9.0.5.2", "product": { "name": "WebSphere", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling External Authentication Server versions 6.1.x ant\u00e9rieures \u00e0 6.1.0.2 iFix 02", "product": { "name": "Sterling", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Cognos Dashboards on Cloud Pak for Data versions 4.x sans le dernier correctif de s\u00e9curit\u00e9", "product": { "name": "Cognos Dashboards", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Cognos Analytics versions 12.0.x ant\u00e9rieures \u00e0 12.0.4 IF2", "product": { "name": "Cognos Analytics", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling External Authentication Server versions 6.0.x ant\u00e9rieures \u00e0 6.0.3.1 iFix 02", "product": { "name": "Sterling", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Sterling Secure Proxy versions 6.2.x ant\u00e9rieures \u00e0 6.2.0.1 iFix 01", "product": { "name": "Sterling", "vendor": { "name": "IBM", "scada": false } } }, { "description": "Cognos Dashboards on Cloud Pak for Data versions 5.x ant\u00e9rieures \u00e0 5.1", "product": { "name": "Cognos Dashboards", "vendor": { "name": "IBM", "scada": false } } } ], 
"affected_systems_content": "", "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).", "cves": [ { "name": "CVE-2024-21536", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21536" }, { "name": "CVE-2021-44906", "url": "https://www.cve.org/CVERecord?id=CVE-2021-44906" }, { "name": "CVE-2023-35946", "url": "https://www.cve.org/CVERecord?id=CVE-2023-35946" }, { "name": "CVE-2024-21235", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21235" }, { "name": "CVE-2024-21144", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21144" }, { "name": "CVE-2015-7450", "url": "https://www.cve.org/CVERecord?id=CVE-2015-7450" }, { "name": "CVE-2022-48554", "url": "https://www.cve.org/CVERecord?id=CVE-2022-48554" }, { "name": "CVE-2018-19797", "url": "https://www.cve.org/CVERecord?id=CVE-2018-19797" }, { "name": "CVE-2023-28523", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28523" }, { "name": "CVE-2021-27290", "url": "https://www.cve.org/CVERecord?id=CVE-2021-27290" }, { "name": "CVE-2024-43799", "url": "https://www.cve.org/CVERecord?id=CVE-2024-43799" }, { "name": "CVE-2023-31124", "url": "https://www.cve.org/CVERecord?id=CVE-2023-31124" }, { "name": "CVE-2024-6232", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6232" }, { "name": "CVE-2023-23936", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23936" }, { "name": "CVE-2018-19827", "url": "https://www.cve.org/CVERecord?id=CVE-2018-19827" }, { "name": "CVE-2018-11694", "url": "https://www.cve.org/CVERecord?id=CVE-2018-11694" }, { "name": "CVE-2024-39331", "url": "https://www.cve.org/CVERecord?id=CVE-2024-39331" }, { "name": "CVE-2022-4904", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4904" }, { "name": "CVE-2023-32067", "url": "https://www.cve.org/CVERecord?id=CVE-2023-32067" }, { "name": "CVE-2024-47561", "url": "https://www.cve.org/CVERecord?id=CVE-2024-47561" }, { "name": "CVE-2024-30205", 
"url": "https://www.cve.org/CVERecord?id=CVE-2024-30205" }, { "name": "CVE-2024-40094", "url": "https://www.cve.org/CVERecord?id=CVE-2024-40094" }, { "name": "CVE-2023-24807", "url": "https://www.cve.org/CVERecord?id=CVE-2023-24807" }, { "name": "CVE-2025-22150", "url": "https://www.cve.org/CVERecord?id=CVE-2025-22150" }, { "name": "CVE-2024-29857", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29857" }, { "name": "CVE-2024-30203", "url": "https://www.cve.org/CVERecord?id=CVE-2024-30203" }, { "name": "CVE-2024-45590", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45590" }, { "name": "CVE-2024-43796", "url": "https://www.cve.org/CVERecord?id=CVE-2024-43796" }, { "name": "CVE-2024-10917", "url": "https://www.cve.org/CVERecord?id=CVE-2024-10917" }, { "name": "CVE-2021-35065", "url": "https://www.cve.org/CVERecord?id=CVE-2021-35065" }, { "name": "CVE-2023-23920", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23920" }, { "name": "CVE-2022-24999", "url": "https://www.cve.org/CVERecord?id=CVE-2022-24999" }, { "name": "CVE-2024-21538", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21538" }, { "name": "CVE-2023-31147", "url": "https://www.cve.org/CVERecord?id=CVE-2023-31147" }, { "name": "CVE-2024-47764", "url": "https://www.cve.org/CVERecord?id=CVE-2024-47764" }, { "name": "CVE-2023-23918", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23918" }, { "name": "CVE-2024-56340", "url": "https://www.cve.org/CVERecord?id=CVE-2024-56340" }, { "name": "CVE-2024-48948", "url": "https://www.cve.org/CVERecord?id=CVE-2024-48948" }, { "name": "CVE-2018-25032", "url": "https://www.cve.org/CVERecord?id=CVE-2018-25032" }, { "name": "CVE-2024-45216", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45216" }, { "name": "CVE-2024-47554", "url": "https://www.cve.org/CVERecord?id=CVE-2024-47554" }, { "name": "CVE-2024-45296", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45296" }, { "name": "CVE-2023-28527", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28527" }, { 
"name": "CVE-2024-21147", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21147" }, { "name": "CVE-2023-39410", "url": "https://www.cve.org/CVERecord?id=CVE-2023-39410" }, { "name": "CVE-2024-7254", "url": "https://www.cve.org/CVERecord?id=CVE-2024-7254" }, { "name": "CVE-2019-6286", "url": "https://www.cve.org/CVERecord?id=CVE-2019-6286" }, { "name": "CVE-2022-37434", "url": "https://www.cve.org/CVERecord?id=CVE-2022-37434" }, { "name": "CVE-2018-19839", "url": "https://www.cve.org/CVERecord?id=CVE-2018-19839" }, { "name": "CVE-2024-21140", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21140" }, { "name": "CVE-2024-45217", "url": "https://www.cve.org/CVERecord?id=CVE-2024-45217" }, { "name": "CVE-2024-38999", "url": "https://www.cve.org/CVERecord?id=CVE-2024-38999" }, { "name": "CVE-2024-52798", "url": "https://www.cve.org/CVERecord?id=CVE-2024-52798" }, { "name": "CVE-2018-20821", "url": "https://www.cve.org/CVERecord?id=CVE-2018-20821" }, { "name": "CVE-2019-6283", "url": "https://www.cve.org/CVERecord?id=CVE-2019-6283" }, { "name": "CVE-2023-35947", "url": "https://www.cve.org/CVERecord?id=CVE-2023-35947" }, { "name": "CVE-2022-25881", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25881" }, { "name": "CVE-2024-21138", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21138" }, { "name": "CVE-2023-23919", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23919" }, { "name": "CVE-2024-43800", "url": "https://www.cve.org/CVERecord?id=CVE-2024-43800" }, { "name": "CVE-2024-21145", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21145" }, { "name": "CVE-2024-50602", "url": "https://www.cve.org/CVERecord?id=CVE-2024-50602" }, { "name": "CVE-2024-30204", "url": "https://www.cve.org/CVERecord?id=CVE-2024-30204" }, { "name": "CVE-2018-20190", "url": "https://www.cve.org/CVERecord?id=CVE-2018-20190" }, { "name": "CVE-2023-28526", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28526" }, { "name": "CVE-2023-28155", "url": 
"https://www.cve.org/CVERecord?id=CVE-2023-28155" }, { "name": "CVE-2018-11698", "url": "https://www.cve.org/CVERecord?id=CVE-2018-11698" }, { "name": "CVE-2025-0823", "url": "https://www.cve.org/CVERecord?id=CVE-2025-0823" }, { "name": "CVE-2023-26136", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26136" }, { "name": "CVE-2023-31130", "url": "https://www.cve.org/CVERecord?id=CVE-2023-31130" }, { "name": "CVE-2024-21131", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21131" }, { "name": "CVE-2024-21210", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21210" }, { "name": "CVE-2024-21217", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21217" }, { "name": "CVE-2024-27267", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27267" }, { "name": "CVE-2020-7598", "url": "https://www.cve.org/CVERecord?id=CVE-2020-7598" }, { "name": "CVE-2024-21208", "url": "https://www.cve.org/CVERecord?id=CVE-2024-21208" } ], "initial_release_date": "2025-02-28T00:00:00", "last_revision_date": "2025-02-28T00:00:00", "links": [], "reference": "CERTFR-2025-AVI-0170", "revisions": [ { "description": "Version initiale", "revision_date": "2025-02-28T00:00:00.000000" } ], "risks": [ { "description": "D\u00e9ni de service \u00e0 distance" }, { "description": "Injection de code indirecte \u00e0 distance (XSS)" }, { "description": "Ex\u00e9cution de code arbitraire \u00e0 distance" }, { "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es" }, { "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur" }, { "description": "Contournement de la politique de s\u00e9curit\u00e9" }, { "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es" } ], "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. 
Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.", "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM", "vendor_advisories": [ { "published_at": "2025-02-27", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7183676", "url": "https://www.ibm.com/support/pages/node/7183676" }, { "published_at": "2019-11-14", "title": "Bulletin de s\u00e9curit\u00e9 IBM 1107105", "url": "https://www.ibm.com/support/pages/node/1107105" }, { "published_at": "2025-02-28", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7184475", "url": "https://www.ibm.com/support/pages/node/7184475" }, { "published_at": "2025-02-28", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7184474", "url": "https://www.ibm.com/support/pages/node/7184474" }, { "published_at": "2025-02-25", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7184092", "url": "https://www.ibm.com/support/pages/node/7184092" }, { "published_at": "2025-02-27", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7184217", "url": "https://www.ibm.com/support/pages/node/7184217" }, { "published_at": "2025-02-28", "title": "Bulletin de s\u00e9curit\u00e9 IBM 7184476", "url": "https://www.ibm.com/support/pages/node/7184476" } ] }
suse-su-2025:0237-1
Vulnerability from csaf_suse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for nodejs20", "title": "Title of the patch" }, { "category": "description", "text": "This update for nodejs20 fixes the following issues:\n\nUpdate to 20.18.2:\n\n- CVE-2025-23083: Fixed worker permission bypass via InternalWorker leak in diagnostics (bsc#1236251)\n- CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERR_PROTO (bsc#1236250)\n- CVE-2025-22150: Fixed insufficiently random values used when defining the boundary for a multipart/form-data request in undici (bsc#1236258)\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2025-237,SUSE-SLE-Module-Web-Scripting-15-SP6-2025-237,openSUSE-SLE-15.6-2025-237", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0237-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2025:0237-1", "url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250237-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2025:0237-1", "url": 
"https://lists.suse.com/pipermail/sle-security-updates/2025-January/020197.html" }, { "category": "self", "summary": "SUSE Bug 1236250", "url": "https://bugzilla.suse.com/1236250" }, { "category": "self", "summary": "SUSE Bug 1236251", "url": "https://bugzilla.suse.com/1236251" }, { "category": "self", "summary": "SUSE Bug 1236258", "url": "https://bugzilla.suse.com/1236258" }, { "category": "self", "summary": "SUSE CVE CVE-2025-22150 page", "url": "https://www.suse.com/security/cve/CVE-2025-22150/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-23083 page", "url": "https://www.suse.com/security/cve/CVE-2025-23083/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-23085 page", "url": "https://www.suse.com/security/cve/CVE-2025-23085/" } ], "title": "Security update for nodejs20", "tracking": { "current_release_date": "2025-01-24T19:33:36Z", "generator": { "date": "2025-01-24T19:33:36Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2025:0237-1", "initial_release_date": "2025-01-24T19:33:36Z", "revision_history": [ { "date": "2025-01-24T19:33:36Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "corepack20-20.18.2-150600.3.9.1.aarch64", "product": { "name": "corepack20-20.18.2-150600.3.9.1.aarch64", "product_id": "corepack20-20.18.2-150600.3.9.1.aarch64" } }, { "category": "product_version", "name": "nodejs20-20.18.2-150600.3.9.1.aarch64", "product": { "name": "nodejs20-20.18.2-150600.3.9.1.aarch64", "product_id": "nodejs20-20.18.2-150600.3.9.1.aarch64" } }, { "category": "product_version", "name": "nodejs20-devel-20.18.2-150600.3.9.1.aarch64", "product": { "name": "nodejs20-devel-20.18.2-150600.3.9.1.aarch64", "product_id": "nodejs20-devel-20.18.2-150600.3.9.1.aarch64" } }, { "category": "product_version", "name": "npm20-20.18.2-150600.3.9.1.aarch64", 
"product": { "name": "npm20-20.18.2-150600.3.9.1.aarch64", "product_id": "npm20-20.18.2-150600.3.9.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "corepack20-20.18.2-150600.3.9.1.i586", "product": { "name": "corepack20-20.18.2-150600.3.9.1.i586", "product_id": "corepack20-20.18.2-150600.3.9.1.i586" } }, { "category": "product_version", "name": "nodejs20-20.18.2-150600.3.9.1.i586", "product": { "name": "nodejs20-20.18.2-150600.3.9.1.i586", "product_id": "nodejs20-20.18.2-150600.3.9.1.i586" } }, { "category": "product_version", "name": "nodejs20-devel-20.18.2-150600.3.9.1.i586", "product": { "name": "nodejs20-devel-20.18.2-150600.3.9.1.i586", "product_id": "nodejs20-devel-20.18.2-150600.3.9.1.i586" } }, { "category": "product_version", "name": "npm20-20.18.2-150600.3.9.1.i586", "product": { "name": "npm20-20.18.2-150600.3.9.1.i586", "product_id": "npm20-20.18.2-150600.3.9.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "nodejs20-docs-20.18.2-150600.3.9.1.noarch", "product": { "name": "nodejs20-docs-20.18.2-150600.3.9.1.noarch", "product_id": "nodejs20-docs-20.18.2-150600.3.9.1.noarch" } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "corepack20-20.18.2-150600.3.9.1.ppc64le", "product": { "name": "corepack20-20.18.2-150600.3.9.1.ppc64le", "product_id": "corepack20-20.18.2-150600.3.9.1.ppc64le" } }, { "category": "product_version", "name": "nodejs20-20.18.2-150600.3.9.1.ppc64le", "product": { "name": "nodejs20-20.18.2-150600.3.9.1.ppc64le", "product_id": "nodejs20-20.18.2-150600.3.9.1.ppc64le" } }, { "category": "product_version", "name": "nodejs20-devel-20.18.2-150600.3.9.1.ppc64le", "product": { "name": "nodejs20-devel-20.18.2-150600.3.9.1.ppc64le", "product_id": "nodejs20-devel-20.18.2-150600.3.9.1.ppc64le" } }, { "category": "product_version", "name": 
"npm20-20.18.2-150600.3.9.1.ppc64le", "product": { "name": "npm20-20.18.2-150600.3.9.1.ppc64le", "product_id": "npm20-20.18.2-150600.3.9.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "corepack20-20.18.2-150600.3.9.1.s390x", "product": { "name": "corepack20-20.18.2-150600.3.9.1.s390x", "product_id": "corepack20-20.18.2-150600.3.9.1.s390x" } }, { "category": "product_version", "name": "nodejs20-20.18.2-150600.3.9.1.s390x", "product": { "name": "nodejs20-20.18.2-150600.3.9.1.s390x", "product_id": "nodejs20-20.18.2-150600.3.9.1.s390x" } }, { "category": "product_version", "name": "nodejs20-devel-20.18.2-150600.3.9.1.s390x", "product": { "name": "nodejs20-devel-20.18.2-150600.3.9.1.s390x", "product_id": "nodejs20-devel-20.18.2-150600.3.9.1.s390x" } }, { "category": "product_version", "name": "npm20-20.18.2-150600.3.9.1.s390x", "product": { "name": "npm20-20.18.2-150600.3.9.1.s390x", "product_id": "npm20-20.18.2-150600.3.9.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "corepack20-20.18.2-150600.3.9.1.x86_64", "product": { "name": "corepack20-20.18.2-150600.3.9.1.x86_64", "product_id": "corepack20-20.18.2-150600.3.9.1.x86_64" } }, { "category": "product_version", "name": "nodejs20-20.18.2-150600.3.9.1.x86_64", "product": { "name": "nodejs20-20.18.2-150600.3.9.1.x86_64", "product_id": "nodejs20-20.18.2-150600.3.9.1.x86_64" } }, { "category": "product_version", "name": "nodejs20-devel-20.18.2-150600.3.9.1.x86_64", "product": { "name": "nodejs20-devel-20.18.2-150600.3.9.1.x86_64", "product_id": "nodejs20-devel-20.18.2-150600.3.9.1.x86_64" } }, { "category": "product_version", "name": "npm20-20.18.2-150600.3.9.1.x86_64", "product": { "name": "npm20-20.18.2-150600.3.9.1.x86_64", "product_id": "npm20-20.18.2-150600.3.9.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", 
"name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6", "product": { "name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6", "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp6" } } }, { "category": "product_name", "name": "openSUSE Leap 15.6", "product": { "name": "openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6", "product_identification_helper": { "cpe": "cpe:/o:opensuse:leap:15.6" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "nodejs20-20.18.2-150600.3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6", "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.aarch64" }, "product_reference": "nodejs20-20.18.2-150600.3.9.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs20-20.18.2-150600.3.9.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6", "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.ppc64le" }, "product_reference": "nodejs20-20.18.2-150600.3.9.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs20-20.18.2-150600.3.9.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6", "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.s390x" }, "product_reference": "nodejs20-20.18.2-150600.3.9.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for 
Web and Scripting 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs20-20.18.2-150600.3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6", "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.x86_64" }, "product_reference": "nodejs20-20.18.2-150600.3.9.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs20-devel-20.18.2-150600.3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6", "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.aarch64" }, "product_reference": "nodejs20-devel-20.18.2-150600.3.9.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs20-devel-20.18.2-150600.3.9.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6", "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.ppc64le" }, "product_reference": "nodejs20-devel-20.18.2-150600.3.9.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs20-devel-20.18.2-150600.3.9.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6", "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.s390x" }, "product_reference": "nodejs20-devel-20.18.2-150600.3.9.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": 
"nodejs20-devel-20.18.2-150600.3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6", "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.x86_64" }, "product_reference": "nodejs20-devel-20.18.2-150600.3.9.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs20-docs-20.18.2-150600.3.9.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6", "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-docs-20.18.2-150600.3.9.1.noarch" }, "product_reference": "nodejs20-docs-20.18.2-150600.3.9.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "npm20-20.18.2-150600.3.9.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6", "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.aarch64" }, "product_reference": "npm20-20.18.2-150600.3.9.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "npm20-20.18.2-150600.3.9.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6", "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.ppc64le" }, "product_reference": "npm20-20.18.2-150600.3.9.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "npm20-20.18.2-150600.3.9.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6", "product_id": "SUSE Linux Enterprise Module for Web and 
Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.s390x" }, "product_reference": "npm20-20.18.2-150600.3.9.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "npm20-20.18.2-150600.3.9.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6", "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.x86_64" }, "product_reference": "npm20-20.18.2-150600.3.9.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "corepack20-20.18.2-150600.3.9.1.aarch64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.aarch64" }, "product_reference": "corepack20-20.18.2-150600.3.9.1.aarch64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "corepack20-20.18.2-150600.3.9.1.ppc64le as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.ppc64le" }, "product_reference": "corepack20-20.18.2-150600.3.9.1.ppc64le", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "corepack20-20.18.2-150600.3.9.1.s390x as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.s390x" }, "product_reference": "corepack20-20.18.2-150600.3.9.1.s390x", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "corepack20-20.18.2-150600.3.9.1.x86_64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.x86_64" }, "product_reference": "corepack20-20.18.2-150600.3.9.1.x86_64", "relates_to_product_reference": 
"openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs20-20.18.2-150600.3.9.1.aarch64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.aarch64" }, "product_reference": "nodejs20-20.18.2-150600.3.9.1.aarch64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs20-20.18.2-150600.3.9.1.ppc64le as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.ppc64le" }, "product_reference": "nodejs20-20.18.2-150600.3.9.1.ppc64le", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs20-20.18.2-150600.3.9.1.s390x as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.s390x" }, "product_reference": "nodejs20-20.18.2-150600.3.9.1.s390x", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs20-20.18.2-150600.3.9.1.x86_64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.x86_64" }, "product_reference": "nodejs20-20.18.2-150600.3.9.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs20-devel-20.18.2-150600.3.9.1.aarch64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.aarch64" }, "product_reference": "nodejs20-devel-20.18.2-150600.3.9.1.aarch64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs20-devel-20.18.2-150600.3.9.1.ppc64le as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.ppc64le" }, "product_reference": 
"nodejs20-devel-20.18.2-150600.3.9.1.ppc64le", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs20-devel-20.18.2-150600.3.9.1.s390x as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.s390x" }, "product_reference": "nodejs20-devel-20.18.2-150600.3.9.1.s390x", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs20-devel-20.18.2-150600.3.9.1.x86_64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.x86_64" }, "product_reference": "nodejs20-devel-20.18.2-150600.3.9.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs20-docs-20.18.2-150600.3.9.1.noarch as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:nodejs20-docs-20.18.2-150600.3.9.1.noarch" }, "product_reference": "nodejs20-docs-20.18.2-150600.3.9.1.noarch", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "npm20-20.18.2-150600.3.9.1.aarch64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.aarch64" }, "product_reference": "npm20-20.18.2-150600.3.9.1.aarch64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "npm20-20.18.2-150600.3.9.1.ppc64le as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.ppc64le" }, "product_reference": "npm20-20.18.2-150600.3.9.1.ppc64le", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "npm20-20.18.2-150600.3.9.1.s390x as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 
15.6:npm20-20.18.2-150600.3.9.1.s390x" }, "product_reference": "npm20-20.18.2-150600.3.9.1.s390x", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "npm20-20.18.2-150600.3.9.1.x86_64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.x86_64" }, "product_reference": "npm20-20.18.2-150600.3.9.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-22150", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-22150" } ], "notes": [ { "category": "general", "text": "Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met. This is fixed in versions 5.28.5, 6.21.1, and 7.2.3. 
As a workaround, do not issue multipart requests to attacker controlled servers.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-docs-20.18.2-150600.3.9.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.x86_64", "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.aarch64", "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.ppc64le", "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.s390x", "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.x86_64", "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.aarch64", "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.ppc64le", "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.s390x", "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.x86_64", "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.aarch64", 
"openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.ppc64le", "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.s390x", "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.x86_64", "openSUSE Leap 15.6:nodejs20-docs-20.18.2-150600.3.9.1.noarch", "openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.aarch64", "openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.ppc64le", "openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.s390x", "openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-22150", "url": "https://www.suse.com/security/cve/CVE-2025-22150" }, { "category": "external", "summary": "SUSE Bug 1236257 for CVE-2025-22150", "url": "https://bugzilla.suse.com/1236257" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-docs-20.18.2-150600.3.9.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.aarch64", "SUSE Linux Enterprise Module for Web 
and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.x86_64", "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.aarch64", "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.ppc64le", "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.s390x", "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.x86_64", "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.aarch64", "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.ppc64le", "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.s390x", "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.x86_64", "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.aarch64", "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.ppc64le", "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.s390x", "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.x86_64", "openSUSE Leap 15.6:nodejs20-docs-20.18.2-150600.3.9.1.noarch", "openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.aarch64", "openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.ppc64le", "openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.s390x", "openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.aarch64", "SUSE Linux Enterprise Module for Web and 
Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-docs-20.18.2-150600.3.9.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.x86_64", "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.aarch64", "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.ppc64le", "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.s390x", "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.x86_64", "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.aarch64", "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.ppc64le", "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.s390x", "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.x86_64", "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.aarch64", "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.ppc64le", "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.s390x", "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.x86_64", "openSUSE Leap 15.6:nodejs20-docs-20.18.2-150600.3.9.1.noarch", "openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.aarch64", "openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.ppc64le", "openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.s390x", "openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-01-24T19:33:36Z", "details": "moderate" } ], "title": "CVE-2025-22150" }, { "cve": "CVE-2025-23083", "ids": [ { "system_name": "SUSE CVE Page", "text": 
"https://www.suse.com/security/cve/CVE-2025-23083" } ], "notes": [ { "category": "general", "text": "With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. \r\n\r\nThis vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-docs-20.18.2-150600.3.9.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.x86_64", "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.aarch64", "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.ppc64le", 
"openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.s390x", "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.x86_64", "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.aarch64", "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.ppc64le", "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.s390x", "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.x86_64", "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.aarch64", "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.ppc64le", "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.s390x", "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.x86_64", "openSUSE Leap 15.6:nodejs20-docs-20.18.2-150600.3.9.1.noarch", "openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.aarch64", "openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.ppc64le", "openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.s390x", "openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-23083", "url": "https://www.suse.com/security/cve/CVE-2025-23083" }, { "category": "external", "summary": "SUSE Bug 1236251 for CVE-2025-23083", "url": "https://bugzilla.suse.com/1236251" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.ppc64le", "SUSE Linux 
Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-docs-20.18.2-150600.3.9.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.x86_64", "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.aarch64", "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.ppc64le", "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.s390x", "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.x86_64", "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.aarch64", "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.ppc64le", "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.s390x", "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.x86_64", "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.aarch64", "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.ppc64le", "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.s390x", "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.x86_64", "openSUSE Leap 15.6:nodejs20-docs-20.18.2-150600.3.9.1.noarch", "openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.aarch64", "openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.ppc64le", "openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.s390x", "openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.aarch64", "SUSE Linux 
Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-docs-20.18.2-150600.3.9.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.x86_64", "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.aarch64", "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.ppc64le", "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.s390x", "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.x86_64", "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.aarch64", "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.ppc64le", "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.s390x", "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.x86_64", "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.aarch64", "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.ppc64le", "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.s390x", "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.x86_64", "openSUSE Leap 15.6:nodejs20-docs-20.18.2-150600.3.9.1.noarch", "openSUSE 
Leap 15.6:npm20-20.18.2-150600.3.9.1.aarch64", "openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.ppc64le", "openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.s390x", "openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-01-24T19:33:36Z", "details": "important" } ], "title": "CVE-2025-23083" }, { "cve": "CVE-2025-23085", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-23085" } ], "notes": [ { "category": "general", "text": "A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions.\r\n\r\nThis vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-docs-20.18.2-150600.3.9.1.noarch", "SUSE Linux Enterprise Module 
for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.x86_64", "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.aarch64", "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.ppc64le", "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.s390x", "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.x86_64", "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.aarch64", "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.ppc64le", "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.s390x", "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.x86_64", "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.aarch64", "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.ppc64le", "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.s390x", "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.x86_64", "openSUSE Leap 15.6:nodejs20-docs-20.18.2-150600.3.9.1.noarch", "openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.aarch64", "openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.ppc64le", "openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.s390x", "openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-23085", "url": "https://www.suse.com/security/cve/CVE-2025-23085" }, { "category": "external", "summary": "SUSE Bug 1236250 for CVE-2025-23085", "url": "https://bugzilla.suse.com/1236250" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.aarch64", "SUSE Linux Enterprise Module for Web and 
Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-docs-20.18.2-150600.3.9.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.x86_64", "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.aarch64", "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.ppc64le", "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.s390x", "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.x86_64", "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.aarch64", "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.ppc64le", "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.s390x", "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.x86_64", "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.aarch64", "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.ppc64le", "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.s390x", "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.x86_64", "openSUSE Leap 15.6:nodejs20-docs-20.18.2-150600.3.9.1.noarch", "openSUSE Leap 
15.6:npm20-20.18.2-150600.3.9.1.aarch64", "openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.ppc64le", "openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.s390x", "openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-20.18.2-150600.3.9.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-devel-20.18.2-150600.3.9.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs20-docs-20.18.2-150600.3.9.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm20-20.18.2-150600.3.9.1.x86_64", "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.aarch64", "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.ppc64le", "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.s390x", "openSUSE Leap 15.6:corepack20-20.18.2-150600.3.9.1.x86_64", "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.aarch64", "openSUSE Leap 
15.6:nodejs20-20.18.2-150600.3.9.1.ppc64le", "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.s390x", "openSUSE Leap 15.6:nodejs20-20.18.2-150600.3.9.1.x86_64", "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.aarch64", "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.ppc64le", "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.s390x", "openSUSE Leap 15.6:nodejs20-devel-20.18.2-150600.3.9.1.x86_64", "openSUSE Leap 15.6:nodejs20-docs-20.18.2-150600.3.9.1.noarch", "openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.aarch64", "openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.ppc64le", "openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.s390x", "openSUSE Leap 15.6:npm20-20.18.2-150600.3.9.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-01-24T19:33:36Z", "details": "moderate" } ], "title": "CVE-2025-23085" } ] }
suse-su-2025:0234-1
Vulnerability from csaf_suse
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for nodejs18", "title": "Title of the patch" }, { "category": "description", "text": "This update for nodejs18 fixes the following issues:\n\nUpdate to 18.20.6:\n\n- CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERR_PROTO (bsc#1236250)\n- CVE-2025-22150: Fixed insufficiently random values used when defining the boundary for a multipart/form-data request in undici (bsc#1236258)\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2025-234,SUSE-SLE-SERVER-12-SP5-LTSS-2025-234,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2025-234", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0234-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2025:0234-1", "url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250234-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2025:0234-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020199.html" }, { "category": "self", "summary": "SUSE Bug 
1236250", "url": "https://bugzilla.suse.com/1236250" }, { "category": "self", "summary": "SUSE Bug 1236258", "url": "https://bugzilla.suse.com/1236258" }, { "category": "self", "summary": "SUSE CVE CVE-2025-22150 page", "url": "https://www.suse.com/security/cve/CVE-2025-22150/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-23085 page", "url": "https://www.suse.com/security/cve/CVE-2025-23085/" } ], "title": "Security update for nodejs18", "tracking": { "current_release_date": "2025-01-24T16:34:19Z", "generator": { "date": "2025-01-24T16:34:19Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2025:0234-1", "initial_release_date": "2025-01-24T16:34:19Z", "revision_history": [ { "date": "2025-01-24T16:34:19Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "corepack18-18.20.6-8.33.1.aarch64", "product": { "name": "corepack18-18.20.6-8.33.1.aarch64", "product_id": "corepack18-18.20.6-8.33.1.aarch64" } }, { "category": "product_version", "name": "nodejs18-18.20.6-8.33.1.aarch64", "product": { "name": "nodejs18-18.20.6-8.33.1.aarch64", "product_id": "nodejs18-18.20.6-8.33.1.aarch64" } }, { "category": "product_version", "name": "nodejs18-devel-18.20.6-8.33.1.aarch64", "product": { "name": "nodejs18-devel-18.20.6-8.33.1.aarch64", "product_id": "nodejs18-devel-18.20.6-8.33.1.aarch64" } }, { "category": "product_version", "name": "npm18-18.20.6-8.33.1.aarch64", "product": { "name": "npm18-18.20.6-8.33.1.aarch64", "product_id": "npm18-18.20.6-8.33.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "corepack18-18.20.6-8.33.1.i586", "product": { "name": "corepack18-18.20.6-8.33.1.i586", "product_id": "corepack18-18.20.6-8.33.1.i586" } }, { "category": "product_version", "name": 
"nodejs18-18.20.6-8.33.1.i586", "product": { "name": "nodejs18-18.20.6-8.33.1.i586", "product_id": "nodejs18-18.20.6-8.33.1.i586" } }, { "category": "product_version", "name": "nodejs18-devel-18.20.6-8.33.1.i586", "product": { "name": "nodejs18-devel-18.20.6-8.33.1.i586", "product_id": "nodejs18-devel-18.20.6-8.33.1.i586" } }, { "category": "product_version", "name": "npm18-18.20.6-8.33.1.i586", "product": { "name": "npm18-18.20.6-8.33.1.i586", "product_id": "npm18-18.20.6-8.33.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "nodejs18-docs-18.20.6-8.33.1.noarch", "product": { "name": "nodejs18-docs-18.20.6-8.33.1.noarch", "product_id": "nodejs18-docs-18.20.6-8.33.1.noarch" } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "corepack18-18.20.6-8.33.1.ppc64le", "product": { "name": "corepack18-18.20.6-8.33.1.ppc64le", "product_id": "corepack18-18.20.6-8.33.1.ppc64le" } }, { "category": "product_version", "name": "nodejs18-18.20.6-8.33.1.ppc64le", "product": { "name": "nodejs18-18.20.6-8.33.1.ppc64le", "product_id": "nodejs18-18.20.6-8.33.1.ppc64le" } }, { "category": "product_version", "name": "nodejs18-devel-18.20.6-8.33.1.ppc64le", "product": { "name": "nodejs18-devel-18.20.6-8.33.1.ppc64le", "product_id": "nodejs18-devel-18.20.6-8.33.1.ppc64le" } }, { "category": "product_version", "name": "npm18-18.20.6-8.33.1.ppc64le", "product": { "name": "npm18-18.20.6-8.33.1.ppc64le", "product_id": "npm18-18.20.6-8.33.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "corepack18-18.20.6-8.33.1.s390x", "product": { "name": "corepack18-18.20.6-8.33.1.s390x", "product_id": "corepack18-18.20.6-8.33.1.s390x" } }, { "category": "product_version", "name": "nodejs18-18.20.6-8.33.1.s390x", "product": { "name": "nodejs18-18.20.6-8.33.1.s390x", "product_id": 
"nodejs18-18.20.6-8.33.1.s390x" } }, { "category": "product_version", "name": "nodejs18-devel-18.20.6-8.33.1.s390x", "product": { "name": "nodejs18-devel-18.20.6-8.33.1.s390x", "product_id": "nodejs18-devel-18.20.6-8.33.1.s390x" } }, { "category": "product_version", "name": "npm18-18.20.6-8.33.1.s390x", "product": { "name": "npm18-18.20.6-8.33.1.s390x", "product_id": "npm18-18.20.6-8.33.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "corepack18-18.20.6-8.33.1.x86_64", "product": { "name": "corepack18-18.20.6-8.33.1.x86_64", "product_id": "corepack18-18.20.6-8.33.1.x86_64" } }, { "category": "product_version", "name": "nodejs18-18.20.6-8.33.1.x86_64", "product": { "name": "nodejs18-18.20.6-8.33.1.x86_64", "product_id": "nodejs18-18.20.6-8.33.1.x86_64" } }, { "category": "product_version", "name": "nodejs18-devel-18.20.6-8.33.1.x86_64", "product": { "name": "nodejs18-devel-18.20.6-8.33.1.x86_64", "product_id": "nodejs18-devel-18.20.6-8.33.1.x86_64" } }, { "category": "product_version", "name": "npm18-18.20.6-8.33.1.x86_64", "product": { "name": "npm18-18.20.6-8.33.1.x86_64", "product_id": "npm18-18.20.6-8.33.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Server 12 SP5-LTSS", "product": { "name": "SUSE Linux Enterprise Server 12 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:sles-ltss:12:sp5" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5", "product": { "name": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5", "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5", "product_identification_helper": { "cpe": "cpe:/o:suse:sles-ltss-extended-security:12:sp5" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], 
"category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "nodejs18-18.20.6-8.33.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.aarch64" }, "product_reference": "nodejs18-18.20.6-8.33.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-18.20.6-8.33.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.ppc64le" }, "product_reference": "nodejs18-18.20.6-8.33.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-18.20.6-8.33.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.s390x" }, "product_reference": "nodejs18-18.20.6-8.33.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-18.20.6-8.33.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.x86_64" }, "product_reference": "nodejs18-18.20.6-8.33.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-devel-18.20.6-8.33.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.aarch64" }, "product_reference": "nodejs18-devel-18.20.6-8.33.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 
SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-devel-18.20.6-8.33.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.ppc64le" }, "product_reference": "nodejs18-devel-18.20.6-8.33.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-devel-18.20.6-8.33.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.s390x" }, "product_reference": "nodejs18-devel-18.20.6-8.33.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-devel-18.20.6-8.33.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.x86_64" }, "product_reference": "nodejs18-devel-18.20.6-8.33.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-docs-18.20.6-8.33.1.noarch as component of SUSE Linux Enterprise Server 12 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-docs-18.20.6-8.33.1.noarch" }, "product_reference": "nodejs18-docs-18.20.6-8.33.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "npm18-18.20.6-8.33.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.aarch64" }, "product_reference": "npm18-18.20.6-8.33.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS" }, { 
"category": "default_component_of", "full_product_name": { "name": "npm18-18.20.6-8.33.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.ppc64le" }, "product_reference": "npm18-18.20.6-8.33.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "npm18-18.20.6-8.33.1.s390x as component of SUSE Linux Enterprise Server 12 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.s390x" }, "product_reference": "npm18-18.20.6-8.33.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "npm18-18.20.6-8.33.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.x86_64" }, "product_reference": "npm18-18.20.6-8.33.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-18.20.6-8.33.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5", "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-18.20.6-8.33.1.x86_64" }, "product_reference": "nodejs18-18.20.6-8.33.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-devel-18.20.6-8.33.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5", "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-devel-18.20.6-8.33.1.x86_64" }, "product_reference": "nodejs18-devel-18.20.6-8.33.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended 
Security 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-docs-18.20.6-8.33.1.noarch as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5", "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-docs-18.20.6-8.33.1.noarch" }, "product_reference": "nodejs18-docs-18.20.6-8.33.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "npm18-18.20.6-8.33.1.x86_64 as component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5", "product_id": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:npm18-18.20.6-8.33.1.x86_64" }, "product_reference": "npm18-18.20.6-8.33.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-22150", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-22150" } ], "notes": [ { "category": "general", "text": "Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met. This is fixed in versions 5.28.5, 6.21.1, and 7.2.3. 
As a workaround, do not issue multipart requests to attacker controlled servers.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.aarch64", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.s390x", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.x86_64", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.aarch64", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.s390x", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.x86_64", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-docs-18.20.6-8.33.1.noarch", "SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.aarch64", "SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.s390x", "SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-18.20.6-8.33.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-devel-18.20.6-8.33.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-docs-18.20.6-8.33.1.noarch", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:npm18-18.20.6-8.33.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-22150", "url": "https://www.suse.com/security/cve/CVE-2025-22150" }, { "category": "external", "summary": "SUSE Bug 1236257 for CVE-2025-22150", "url": "https://bugzilla.suse.com/1236257" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE 
Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.aarch64", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.s390x", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.x86_64", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.aarch64", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.s390x", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.x86_64", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-docs-18.20.6-8.33.1.noarch", "SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.aarch64", "SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.s390x", "SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-18.20.6-8.33.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-devel-18.20.6-8.33.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-docs-18.20.6-8.33.1.noarch", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:npm18-18.20.6-8.33.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.aarch64", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.s390x", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.x86_64", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.aarch64", "SUSE Linux Enterprise Server 12 
SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.s390x", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.x86_64", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-docs-18.20.6-8.33.1.noarch", "SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.aarch64", "SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.s390x", "SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-18.20.6-8.33.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-devel-18.20.6-8.33.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-docs-18.20.6-8.33.1.noarch", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:npm18-18.20.6-8.33.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-01-24T16:34:19Z", "details": "moderate" } ], "title": "CVE-2025-22150" }, { "cve": "CVE-2025-23085", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-23085" } ], "notes": [ { "category": "general", "text": "A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. 
This flaw could lead to increased memory consumption and potential denial of service under certain conditions.\r\n\r\nThis vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.aarch64", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.s390x", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.x86_64", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.aarch64", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.s390x", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.x86_64", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-docs-18.20.6-8.33.1.noarch", "SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.aarch64", "SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.s390x", "SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-18.20.6-8.33.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-devel-18.20.6-8.33.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-docs-18.20.6-8.33.1.noarch", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:npm18-18.20.6-8.33.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-23085", "url": "https://www.suse.com/security/cve/CVE-2025-23085" }, { "category": "external", "summary": "SUSE Bug 1236250 for CVE-2025-23085", "url": "https://bugzilla.suse.com/1236250" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE 
Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.aarch64", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.s390x", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.x86_64", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.aarch64", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.s390x", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.x86_64", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-docs-18.20.6-8.33.1.noarch", "SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.aarch64", "SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.s390x", "SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-18.20.6-8.33.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-devel-18.20.6-8.33.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-docs-18.20.6-8.33.1.noarch", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:npm18-18.20.6-8.33.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.aarch64", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.s390x", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-18.20.6-8.33.1.x86_64", "SUSE Linux 
Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.aarch64", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.s390x", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-devel-18.20.6-8.33.1.x86_64", "SUSE Linux Enterprise Server 12 SP5-LTSS:nodejs18-docs-18.20.6-8.33.1.noarch", "SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.aarch64", "SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.ppc64le", "SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.s390x", "SUSE Linux Enterprise Server 12 SP5-LTSS:npm18-18.20.6-8.33.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-18.20.6-8.33.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-devel-18.20.6-8.33.1.x86_64", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-docs-18.20.6-8.33.1.noarch", "SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:npm18-18.20.6-8.33.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-01-24T16:34:19Z", "details": "moderate" } ], "title": "CVE-2025-23085" } ] }
suse-su-2025:0233-1
Vulnerability from csaf_suse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for nodejs18", "title": "Title of the patch" }, { "category": "description", "text": "This update for nodejs18 fixes the following issues:\n\nUpdate to 18.20.6:\n\n- CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERR_PROTO (bsc#1236250)\n- CVE-2025-22150: Fixed insufficiently random values used when defining the boundary for a multipart/form-data request in undici (bsc#1236258)\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2025-233,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-233,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-233,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-233,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-233,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-233,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-233,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-233,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-233,SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-233", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0233-1.json" }, { "category": "self", "summary": "URL for 
SUSE-SU-2025:0233-1", "url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250233-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2025:0233-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020200.html" }, { "category": "self", "summary": "SUSE Bug 1236250", "url": "https://bugzilla.suse.com/1236250" }, { "category": "self", "summary": "SUSE Bug 1236258", "url": "https://bugzilla.suse.com/1236258" }, { "category": "self", "summary": "SUSE CVE CVE-2025-22150 page", "url": "https://www.suse.com/security/cve/CVE-2025-22150/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-23085 page", "url": "https://www.suse.com/security/cve/CVE-2025-23085/" } ], "title": "Security update for nodejs18", "tracking": { "current_release_date": "2025-01-24T16:05:12Z", "generator": { "date": "2025-01-24T16:05:12Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2025:0233-1", "initial_release_date": "2025-01-24T16:05:12Z", "revision_history": [ { "date": "2025-01-24T16:05:12Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "corepack18-18.20.6-150400.9.33.1.aarch64", "product": { "name": "corepack18-18.20.6-150400.9.33.1.aarch64", "product_id": "corepack18-18.20.6-150400.9.33.1.aarch64" } }, { "category": "product_version", "name": "nodejs18-18.20.6-150400.9.33.1.aarch64", "product": { "name": "nodejs18-18.20.6-150400.9.33.1.aarch64", "product_id": "nodejs18-18.20.6-150400.9.33.1.aarch64" } }, { "category": "product_version", "name": "nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "product": { "name": "nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "product_id": "nodejs18-devel-18.20.6-150400.9.33.1.aarch64" } }, { "category": "product_version", "name": "npm18-18.20.6-150400.9.33.1.aarch64", "product": { "name": 
"npm18-18.20.6-150400.9.33.1.aarch64", "product_id": "npm18-18.20.6-150400.9.33.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "corepack18-18.20.6-150400.9.33.1.i586", "product": { "name": "corepack18-18.20.6-150400.9.33.1.i586", "product_id": "corepack18-18.20.6-150400.9.33.1.i586" } }, { "category": "product_version", "name": "nodejs18-18.20.6-150400.9.33.1.i586", "product": { "name": "nodejs18-18.20.6-150400.9.33.1.i586", "product_id": "nodejs18-18.20.6-150400.9.33.1.i586" } }, { "category": "product_version", "name": "nodejs18-devel-18.20.6-150400.9.33.1.i586", "product": { "name": "nodejs18-devel-18.20.6-150400.9.33.1.i586", "product_id": "nodejs18-devel-18.20.6-150400.9.33.1.i586" } }, { "category": "product_version", "name": "npm18-18.20.6-150400.9.33.1.i586", "product": { "name": "npm18-18.20.6-150400.9.33.1.i586", "product_id": "npm18-18.20.6-150400.9.33.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "nodejs18-docs-18.20.6-150400.9.33.1.noarch", "product": { "name": "nodejs18-docs-18.20.6-150400.9.33.1.noarch", "product_id": "nodejs18-docs-18.20.6-150400.9.33.1.noarch" } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "corepack18-18.20.6-150400.9.33.1.ppc64le", "product": { "name": "corepack18-18.20.6-150400.9.33.1.ppc64le", "product_id": "corepack18-18.20.6-150400.9.33.1.ppc64le" } }, { "category": "product_version", "name": "nodejs18-18.20.6-150400.9.33.1.ppc64le", "product": { "name": "nodejs18-18.20.6-150400.9.33.1.ppc64le", "product_id": "nodejs18-18.20.6-150400.9.33.1.ppc64le" } }, { "category": "product_version", "name": "nodejs18-devel-18.20.6-150400.9.33.1.ppc64le", "product": { "name": "nodejs18-devel-18.20.6-150400.9.33.1.ppc64le", "product_id": "nodejs18-devel-18.20.6-150400.9.33.1.ppc64le" } }, { "category": "product_version", "name": 
"npm18-18.20.6-150400.9.33.1.ppc64le", "product": { "name": "npm18-18.20.6-150400.9.33.1.ppc64le", "product_id": "npm18-18.20.6-150400.9.33.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "corepack18-18.20.6-150400.9.33.1.s390x", "product": { "name": "corepack18-18.20.6-150400.9.33.1.s390x", "product_id": "corepack18-18.20.6-150400.9.33.1.s390x" } }, { "category": "product_version", "name": "nodejs18-18.20.6-150400.9.33.1.s390x", "product": { "name": "nodejs18-18.20.6-150400.9.33.1.s390x", "product_id": "nodejs18-18.20.6-150400.9.33.1.s390x" } }, { "category": "product_version", "name": "nodejs18-devel-18.20.6-150400.9.33.1.s390x", "product": { "name": "nodejs18-devel-18.20.6-150400.9.33.1.s390x", "product_id": "nodejs18-devel-18.20.6-150400.9.33.1.s390x" } }, { "category": "product_version", "name": "npm18-18.20.6-150400.9.33.1.s390x", "product": { "name": "npm18-18.20.6-150400.9.33.1.s390x", "product_id": "npm18-18.20.6-150400.9.33.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "corepack18-18.20.6-150400.9.33.1.x86_64", "product": { "name": "corepack18-18.20.6-150400.9.33.1.x86_64", "product_id": "corepack18-18.20.6-150400.9.33.1.x86_64" } }, { "category": "product_version", "name": "nodejs18-18.20.6-150400.9.33.1.x86_64", "product": { "name": "nodejs18-18.20.6-150400.9.33.1.x86_64", "product_id": "nodejs18-18.20.6-150400.9.33.1.x86_64" } }, { "category": "product_version", "name": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "product": { "name": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "product_id": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64" } }, { "category": "product_version", "name": "npm18-18.20.6-150400.9.33.1.x86_64", "product": { "name": "npm18-18.20.6-150400.9.33.1.x86_64", "product_id": "npm18-18.20.6-150400.9.33.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { 
"category": "product_name", "name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", "product": { "name": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", "product_identification_helper": { "cpe": "cpe:/o:suse:sle_hpc-espos:15:sp4" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", "product": { "name": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp4" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS", "product": { "name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS", "product_identification_helper": { "cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS", "product": { "name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 15 SP4-LTSS", "product": { "name": "SUSE Linux Enterprise Server 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:sles-ltss:15:sp4" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 15 SP5-LTSS", "product": { "name": "SUSE Linux Enterprise Server 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:sles-ltss:15:sp5" } } }, { "category": "product_name", 
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:15:sp4" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:15:sp5" } } }, { "category": "product_name", "name": "SUSE Manager Server 4.3", "product": { "name": "SUSE Manager Server 4.3", "product_id": "SUSE Manager Server 4.3", "product_identification_helper": { "cpe": "cpe:/o:suse:suse-manager-server:4.3" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "nodejs18-18.20.6-150400.9.33.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.6-150400.9.33.1.aarch64" }, "product_reference": "nodejs18-18.20.6-150400.9.33.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.6-150400.9.33.1.x86_64" }, "product_reference": "nodejs18-18.20.6-150400.9.33.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS" }, { "category": "default_component_of", 
"full_product_name": { "name": "nodejs18-devel-18.20.6-150400.9.33.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64" }, "product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64" }, "product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-docs-18.20.6-150400.9.33.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.6-150400.9.33.1.noarch" }, "product_reference": "nodejs18-docs-18.20.6-150400.9.33.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS" }, { "category": "default_component_of", "full_product_name": { "name": "npm18-18.20.6-150400.9.33.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.6-150400.9.33.1.aarch64" }, "product_reference": "npm18-18.20.6-150400.9.33.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS" }, { "category": "default_component_of", "full_product_name": { "name": "npm18-18.20.6-150400.9.33.1.x86_64 as component 
of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.6-150400.9.33.1.x86_64" }, "product_reference": "npm18-18.20.6-150400.9.33.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-18.20.6-150400.9.33.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64" }, "product_reference": "nodejs18-18.20.6-150400.9.33.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64" }, "product_reference": "nodejs18-18.20.6-150400.9.33.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-devel-18.20.6-150400.9.33.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64" }, "product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise High 
Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64" }, "product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-docs-18.20.6-150400.9.33.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch" }, "product_reference": "nodejs18-docs-18.20.6-150400.9.33.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "npm18-18.20.6-150400.9.33.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.aarch64" }, "product_reference": "npm18-18.20.6-150400.9.33.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "npm18-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.x86_64" }, "product_reference": "npm18-18.20.6-150400.9.33.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-18.20.6-150400.9.33.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-18.20.6-150400.9.33.1.aarch64" }, "product_reference": 
"nodejs18-18.20.6-150400.9.33.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-18.20.6-150400.9.33.1.x86_64" }, "product_reference": "nodejs18-18.20.6-150400.9.33.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-devel-18.20.6-150400.9.33.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64" }, "product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64" }, "product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-docs-18.20.6-150400.9.33.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-docs-18.20.6-150400.9.33.1.noarch" }, "product_reference": "nodejs18-docs-18.20.6-150400.9.33.1.noarch", "relates_to_product_reference": 
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS" }, { "category": "default_component_of", "full_product_name": { "name": "npm18-18.20.6-150400.9.33.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm18-18.20.6-150400.9.33.1.aarch64" }, "product_reference": "npm18-18.20.6-150400.9.33.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS" }, { "category": "default_component_of", "full_product_name": { "name": "npm18-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm18-18.20.6-150400.9.33.1.x86_64" }, "product_reference": "npm18-18.20.6-150400.9.33.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-18.20.6-150400.9.33.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64" }, "product_reference": "nodejs18-18.20.6-150400.9.33.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64" }, "product_reference": "nodejs18-18.20.6-150400.9.33.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": 
"nodejs18-devel-18.20.6-150400.9.33.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64" }, "product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64" }, "product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-docs-18.20.6-150400.9.33.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch" }, "product_reference": "nodejs18-docs-18.20.6-150400.9.33.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "npm18-18.20.6-150400.9.33.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.aarch64" }, "product_reference": "npm18-18.20.6-150400.9.33.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "npm18-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise High Performance 
Computing 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.x86_64" }, "product_reference": "npm18-18.20.6-150400.9.33.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-18.20.6-150400.9.33.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64" }, "product_reference": "nodejs18-18.20.6-150400.9.33.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-18.20.6-150400.9.33.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.ppc64le" }, "product_reference": "nodejs18-18.20.6-150400.9.33.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-18.20.6-150400.9.33.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.s390x" }, "product_reference": "nodejs18-18.20.6-150400.9.33.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64" }, "product_reference": "nodejs18-18.20.6-150400.9.33.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": 
"nodejs18-devel-18.20.6-150400.9.33.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64" }, "product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-devel-18.20.6-150400.9.33.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le" }, "product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-devel-18.20.6-150400.9.33.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.s390x" }, "product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64" }, "product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-docs-18.20.6-150400.9.33.1.noarch as component of SUSE Linux Enterprise Server 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch" }, "product_reference": "nodejs18-docs-18.20.6-150400.9.33.1.noarch", "relates_to_product_reference": 
"SUSE Linux Enterprise Server 15 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "npm18-18.20.6-150400.9.33.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.aarch64" }, "product_reference": "npm18-18.20.6-150400.9.33.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "npm18-18.20.6-150400.9.33.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.ppc64le" }, "product_reference": "npm18-18.20.6-150400.9.33.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "npm18-18.20.6-150400.9.33.1.s390x as component of SUSE Linux Enterprise Server 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.s390x" }, "product_reference": "npm18-18.20.6-150400.9.33.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "npm18-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP4-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.x86_64" }, "product_reference": "npm18-18.20.6-150400.9.33.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP4-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-18.20.6-150400.9.33.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64" }, "product_reference": "nodejs18-18.20.6-150400.9.33.1.aarch64", "relates_to_product_reference": 
"SUSE Linux Enterprise Server 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-18.20.6-150400.9.33.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.ppc64le" }, "product_reference": "nodejs18-18.20.6-150400.9.33.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-18.20.6-150400.9.33.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.s390x" }, "product_reference": "nodejs18-18.20.6-150400.9.33.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64" }, "product_reference": "nodejs18-18.20.6-150400.9.33.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-devel-18.20.6-150400.9.33.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64" }, "product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-devel-18.20.6-150400.9.33.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le" }, "product_reference": 
"nodejs18-devel-18.20.6-150400.9.33.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-devel-18.20.6-150400.9.33.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.s390x" }, "product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64" }, "product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-docs-18.20.6-150400.9.33.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch" }, "product_reference": "nodejs18-docs-18.20.6-150400.9.33.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "npm18-18.20.6-150400.9.33.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.aarch64" }, "product_reference": "npm18-18.20.6-150400.9.33.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "npm18-18.20.6-150400.9.33.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 15 
SP5-LTSS:npm18-18.20.6-150400.9.33.1.ppc64le" }, "product_reference": "npm18-18.20.6-150400.9.33.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "npm18-18.20.6-150400.9.33.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.s390x" }, "product_reference": "npm18-18.20.6-150400.9.33.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "npm18-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.x86_64" }, "product_reference": "npm18-18.20.6-150400.9.33.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-18.20.6-150400.9.33.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.6-150400.9.33.1.ppc64le" }, "product_reference": "nodejs18-18.20.6-150400.9.33.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.6-150400.9.33.1.x86_64" }, "product_reference": "nodejs18-18.20.6-150400.9.33.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-devel-18.20.6-150400.9.33.1.ppc64le 
as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le" }, "product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.6-150400.9.33.1.x86_64" }, "product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-docs-18.20.6-150400.9.33.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.6-150400.9.33.1.noarch" }, "product_reference": "nodejs18-docs-18.20.6-150400.9.33.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "npm18-18.20.6-150400.9.33.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.6-150400.9.33.1.ppc64le" }, "product_reference": "npm18-18.20.6-150400.9.33.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "npm18-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP4", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 
SP4:npm18-18.20.6-150400.9.33.1.x86_64" }, "product_reference": "npm18-18.20.6-150400.9.33.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-18.20.6-150400.9.33.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-18.20.6-150400.9.33.1.ppc64le" }, "product_reference": "nodejs18-18.20.6-150400.9.33.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-18.20.6-150400.9.33.1.x86_64" }, "product_reference": "nodejs18-18.20.6-150400.9.33.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-devel-18.20.6-150400.9.33.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le" }, "product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-devel-18.20.6-150400.9.33.1.x86_64" }, "product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "relates_to_product_reference": "SUSE Linux 
Enterprise Server for SAP Applications 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-docs-18.20.6-150400.9.33.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-docs-18.20.6-150400.9.33.1.noarch" }, "product_reference": "nodejs18-docs-18.20.6-150400.9.33.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "npm18-18.20.6-150400.9.33.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm18-18.20.6-150400.9.33.1.ppc64le" }, "product_reference": "npm18-18.20.6-150400.9.33.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "npm18-18.20.6-150400.9.33.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm18-18.20.6-150400.9.33.1.x86_64" }, "product_reference": "npm18-18.20.6-150400.9.33.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-18.20.6-150400.9.33.1.ppc64le as component of SUSE Manager Server 4.3", "product_id": "SUSE Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.ppc64le" }, "product_reference": "nodejs18-18.20.6-150400.9.33.1.ppc64le", "relates_to_product_reference": "SUSE Manager Server 4.3" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-18.20.6-150400.9.33.1.s390x as component of SUSE Manager Server 4.3", "product_id": "SUSE Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.s390x" }, 
"product_reference": "nodejs18-18.20.6-150400.9.33.1.s390x", "relates_to_product_reference": "SUSE Manager Server 4.3" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-18.20.6-150400.9.33.1.x86_64 as component of SUSE Manager Server 4.3", "product_id": "SUSE Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.x86_64" }, "product_reference": "nodejs18-18.20.6-150400.9.33.1.x86_64", "relates_to_product_reference": "SUSE Manager Server 4.3" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-devel-18.20.6-150400.9.33.1.ppc64le as component of SUSE Manager Server 4.3", "product_id": "SUSE Manager Server 4.3:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le" }, "product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.ppc64le", "relates_to_product_reference": "SUSE Manager Server 4.3" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-devel-18.20.6-150400.9.33.1.s390x as component of SUSE Manager Server 4.3", "product_id": "SUSE Manager Server 4.3:nodejs18-devel-18.20.6-150400.9.33.1.s390x" }, "product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.s390x", "relates_to_product_reference": "SUSE Manager Server 4.3" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64 as component of SUSE Manager Server 4.3", "product_id": "SUSE Manager Server 4.3:nodejs18-devel-18.20.6-150400.9.33.1.x86_64" }, "product_reference": "nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "relates_to_product_reference": "SUSE Manager Server 4.3" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs18-docs-18.20.6-150400.9.33.1.noarch as component of SUSE Manager Server 4.3", "product_id": "SUSE Manager Server 4.3:nodejs18-docs-18.20.6-150400.9.33.1.noarch" }, "product_reference": "nodejs18-docs-18.20.6-150400.9.33.1.noarch", "relates_to_product_reference": "SUSE Manager Server 4.3" }, { "category": "default_component_of", 
"full_product_name": { "name": "npm18-18.20.6-150400.9.33.1.ppc64le as component of SUSE Manager Server 4.3", "product_id": "SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.ppc64le" }, "product_reference": "npm18-18.20.6-150400.9.33.1.ppc64le", "relates_to_product_reference": "SUSE Manager Server 4.3" }, { "category": "default_component_of", "full_product_name": { "name": "npm18-18.20.6-150400.9.33.1.s390x as component of SUSE Manager Server 4.3", "product_id": "SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.s390x" }, "product_reference": "npm18-18.20.6-150400.9.33.1.s390x", "relates_to_product_reference": "SUSE Manager Server 4.3" }, { "category": "default_component_of", "full_product_name": { "name": "npm18-18.20.6-150400.9.33.1.x86_64 as component of SUSE Manager Server 4.3", "product_id": "SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.x86_64" }, "product_reference": "npm18-18.20.6-150400.9.33.1.x86_64", "relates_to_product_reference": "SUSE Manager Server 4.3" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-22150", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-22150" } ], "notes": [ { "category": "general", "text": "Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met. This is fixed in versions 5.28.5, 6.21.1, and 7.2.3. 
As a workaround, do not issue multipart requests to attacker controlled servers.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 
SP5-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise Server 15 
SP4-LTSS:npm18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE 
Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.ppc64le", "SUSE Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.s390x", "SUSE Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Manager Server 4.3:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le", "SUSE Manager Server 4.3:nodejs18-devel-18.20.6-150400.9.33.1.s390x", "SUSE Manager Server 4.3:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Manager Server 4.3:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.ppc64le", "SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.s390x", "SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-22150", "url": "https://www.suse.com/security/cve/CVE-2025-22150" }, { "category": "external", "summary": "SUSE Bug 1236257 for CVE-2025-22150", "url": "https://bugzilla.suse.com/1236257" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 
SP4-ESPOS:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 
SP5-ESPOS:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise Server 15 
SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise 
Server for SAP Applications 15 SP5:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.ppc64le", "SUSE Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.s390x", "SUSE Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Manager Server 4.3:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le", "SUSE Manager Server 4.3:nodejs18-devel-18.20.6-150400.9.33.1.s390x", "SUSE Manager Server 4.3:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Manager Server 4.3:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.ppc64le", "SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.s390x", "SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 
15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 
SP5-LTSS:npm18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server 15 
SP5-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.ppc64le", "SUSE Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.s390x", "SUSE Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Manager Server 
4.3:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le", "SUSE Manager Server 4.3:nodejs18-devel-18.20.6-150400.9.33.1.s390x", "SUSE Manager Server 4.3:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Manager Server 4.3:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.ppc64le", "SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.s390x", "SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-01-24T16:05:12Z", "details": "moderate" } ], "title": "CVE-2025-22150" }, { "cve": "CVE-2025-23085", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-23085" } ], "notes": [ { "category": "general", "text": "A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. 
This flaw could lead to increased memory consumption and potential denial of service under certain conditions.\r\n\r\nThis vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 
15 SP5-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise 
Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux 
Enterprise Server for SAP Applications 15 SP4:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.ppc64le", "SUSE Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.s390x", "SUSE Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Manager Server 4.3:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le", "SUSE Manager Server 4.3:nodejs18-devel-18.20.6-150400.9.33.1.s390x", "SUSE Manager Server 4.3:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Manager Server 4.3:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.ppc64le", "SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.s390x", "SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-23085", "url": "https://www.suse.com/security/cve/CVE-2025-23085" }, { "category": "external", "summary": "SUSE Bug 1236250 for CVE-2025-23085", "url": "https://bugzilla.suse.com/1236250" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise High Performance Computing 15 
SP4-ESPOS:nodejs18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 
SP5-ESPOS:npm18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server 15 
SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server for SAP 
Applications 15 SP5:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.ppc64le", "SUSE Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.s390x", "SUSE Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Manager Server 4.3:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le", "SUSE Manager Server 4.3:nodejs18-devel-18.20.6-150400.9.33.1.s390x", "SUSE Manager Server 4.3:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Manager Server 4.3:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.ppc64le", "SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.s390x", "SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:npm18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 
SP4-ESPOS:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 
SP5-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server 15 SP4-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.s390x", "SUSE Linux Enterprise Server 15 SP4-LTSS:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.s390x", "SUSE Linux Enterprise Server 15 
SP5-LTSS:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP4:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm18-18.20.6-150400.9.33.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm18-18.20.6-150400.9.33.1.x86_64", "SUSE Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.ppc64le", "SUSE Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.s390x", "SUSE 
Manager Server 4.3:nodejs18-18.20.6-150400.9.33.1.x86_64", "SUSE Manager Server 4.3:nodejs18-devel-18.20.6-150400.9.33.1.ppc64le", "SUSE Manager Server 4.3:nodejs18-devel-18.20.6-150400.9.33.1.s390x", "SUSE Manager Server 4.3:nodejs18-devel-18.20.6-150400.9.33.1.x86_64", "SUSE Manager Server 4.3:nodejs18-docs-18.20.6-150400.9.33.1.noarch", "SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.ppc64le", "SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.s390x", "SUSE Manager Server 4.3:npm18-18.20.6-150400.9.33.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-01-24T16:05:12Z", "details": "moderate" } ], "title": "CVE-2025-23085" } ] }
suse-su-2025:0284-1
Vulnerability from csaf_suse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for nodejs22", "title": "Title of the patch" }, { "category": "description", "text": "This update for nodejs22 fixes the following issues:\n\nUpdate to 22.13.1:\n\n- CVE-2025-23083: Fixed worker permission bypass via InternalWorker leak in diagnostics (bsc#1236251)\n- CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERR_PROTO (bsc#1236250)\n- CVE-2025-22150: Fixed insufficiently random values used when defining the boundary for a multipart/form-data request in undici (bsc#1236258)\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2025-284,SUSE-SLE-Module-Web-Scripting-15-SP6-2025-284,openSUSE-SLE-15.6-2025-284", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0284-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2025:0284-1", "url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250284-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2025:0284-1", "url": 
"https://lists.suse.com/pipermail/sle-security-updates/2025-January/020235.html" }, { "category": "self", "summary": "SUSE Bug 1236250", "url": "https://bugzilla.suse.com/1236250" }, { "category": "self", "summary": "SUSE Bug 1236251", "url": "https://bugzilla.suse.com/1236251" }, { "category": "self", "summary": "SUSE Bug 1236258", "url": "https://bugzilla.suse.com/1236258" }, { "category": "self", "summary": "SUSE CVE CVE-2025-22150 page", "url": "https://www.suse.com/security/cve/CVE-2025-22150/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-23083 page", "url": "https://www.suse.com/security/cve/CVE-2025-23083/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-23085 page", "url": "https://www.suse.com/security/cve/CVE-2025-23085/" } ], "title": "Security update for nodejs22", "tracking": { "current_release_date": "2025-01-29T13:47:55Z", "generator": { "date": "2025-01-29T13:47:55Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2025:0284-1", "initial_release_date": "2025-01-29T13:47:55Z", "revision_history": [ { "date": "2025-01-29T13:47:55Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "corepack22-22.13.1-150600.13.6.1.aarch64", "product": { "name": "corepack22-22.13.1-150600.13.6.1.aarch64", "product_id": "corepack22-22.13.1-150600.13.6.1.aarch64" } }, { "category": "product_version", "name": "nodejs22-22.13.1-150600.13.6.1.aarch64", "product": { "name": "nodejs22-22.13.1-150600.13.6.1.aarch64", "product_id": "nodejs22-22.13.1-150600.13.6.1.aarch64" } }, { "category": "product_version", "name": "nodejs22-devel-22.13.1-150600.13.6.1.aarch64", "product": { "name": "nodejs22-devel-22.13.1-150600.13.6.1.aarch64", "product_id": "nodejs22-devel-22.13.1-150600.13.6.1.aarch64" } }, { "category": "product_version", "name": 
"npm22-22.13.1-150600.13.6.1.aarch64", "product": { "name": "npm22-22.13.1-150600.13.6.1.aarch64", "product_id": "npm22-22.13.1-150600.13.6.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "corepack22-22.13.1-150600.13.6.1.i586", "product": { "name": "corepack22-22.13.1-150600.13.6.1.i586", "product_id": "corepack22-22.13.1-150600.13.6.1.i586" } }, { "category": "product_version", "name": "nodejs22-22.13.1-150600.13.6.1.i586", "product": { "name": "nodejs22-22.13.1-150600.13.6.1.i586", "product_id": "nodejs22-22.13.1-150600.13.6.1.i586" } }, { "category": "product_version", "name": "nodejs22-devel-22.13.1-150600.13.6.1.i586", "product": { "name": "nodejs22-devel-22.13.1-150600.13.6.1.i586", "product_id": "nodejs22-devel-22.13.1-150600.13.6.1.i586" } }, { "category": "product_version", "name": "npm22-22.13.1-150600.13.6.1.i586", "product": { "name": "npm22-22.13.1-150600.13.6.1.i586", "product_id": "npm22-22.13.1-150600.13.6.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "nodejs22-docs-22.13.1-150600.13.6.1.noarch", "product": { "name": "nodejs22-docs-22.13.1-150600.13.6.1.noarch", "product_id": "nodejs22-docs-22.13.1-150600.13.6.1.noarch" } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "corepack22-22.13.1-150600.13.6.1.ppc64le", "product": { "name": "corepack22-22.13.1-150600.13.6.1.ppc64le", "product_id": "corepack22-22.13.1-150600.13.6.1.ppc64le" } }, { "category": "product_version", "name": "nodejs22-22.13.1-150600.13.6.1.ppc64le", "product": { "name": "nodejs22-22.13.1-150600.13.6.1.ppc64le", "product_id": "nodejs22-22.13.1-150600.13.6.1.ppc64le" } }, { "category": "product_version", "name": "nodejs22-devel-22.13.1-150600.13.6.1.ppc64le", "product": { "name": "nodejs22-devel-22.13.1-150600.13.6.1.ppc64le", "product_id": 
"nodejs22-devel-22.13.1-150600.13.6.1.ppc64le" } }, { "category": "product_version", "name": "npm22-22.13.1-150600.13.6.1.ppc64le", "product": { "name": "npm22-22.13.1-150600.13.6.1.ppc64le", "product_id": "npm22-22.13.1-150600.13.6.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "corepack22-22.13.1-150600.13.6.1.s390x", "product": { "name": "corepack22-22.13.1-150600.13.6.1.s390x", "product_id": "corepack22-22.13.1-150600.13.6.1.s390x" } }, { "category": "product_version", "name": "nodejs22-22.13.1-150600.13.6.1.s390x", "product": { "name": "nodejs22-22.13.1-150600.13.6.1.s390x", "product_id": "nodejs22-22.13.1-150600.13.6.1.s390x" } }, { "category": "product_version", "name": "nodejs22-devel-22.13.1-150600.13.6.1.s390x", "product": { "name": "nodejs22-devel-22.13.1-150600.13.6.1.s390x", "product_id": "nodejs22-devel-22.13.1-150600.13.6.1.s390x" } }, { "category": "product_version", "name": "npm22-22.13.1-150600.13.6.1.s390x", "product": { "name": "npm22-22.13.1-150600.13.6.1.s390x", "product_id": "npm22-22.13.1-150600.13.6.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "corepack22-22.13.1-150600.13.6.1.x86_64", "product": { "name": "corepack22-22.13.1-150600.13.6.1.x86_64", "product_id": "corepack22-22.13.1-150600.13.6.1.x86_64" } }, { "category": "product_version", "name": "nodejs22-22.13.1-150600.13.6.1.x86_64", "product": { "name": "nodejs22-22.13.1-150600.13.6.1.x86_64", "product_id": "nodejs22-22.13.1-150600.13.6.1.x86_64" } }, { "category": "product_version", "name": "nodejs22-devel-22.13.1-150600.13.6.1.x86_64", "product": { "name": "nodejs22-devel-22.13.1-150600.13.6.1.x86_64", "product_id": "nodejs22-devel-22.13.1-150600.13.6.1.x86_64" } }, { "category": "product_version", "name": "npm22-22.13.1-150600.13.6.1.x86_64", "product": { "name": "npm22-22.13.1-150600.13.6.1.x86_64", "product_id": 
"npm22-22.13.1-150600.13.6.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6", "product": { "name": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6", "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-module-web-scripting:15:sp6" } } }, { "category": "product_name", "name": "openSUSE Leap 15.6", "product": { "name": "openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6", "product_identification_helper": { "cpe": "cpe:/o:opensuse:leap:15.6" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "nodejs22-22.13.1-150600.13.6.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6", "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.aarch64" }, "product_reference": "nodejs22-22.13.1-150600.13.6.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs22-22.13.1-150600.13.6.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6", "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.ppc64le" }, "product_reference": "nodejs22-22.13.1-150600.13.6.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs22-22.13.1-150600.13.6.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6", "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 
SP6:nodejs22-22.13.1-150600.13.6.1.s390x" }, "product_reference": "nodejs22-22.13.1-150600.13.6.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs22-22.13.1-150600.13.6.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6", "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.x86_64" }, "product_reference": "nodejs22-22.13.1-150600.13.6.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs22-devel-22.13.1-150600.13.6.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6", "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.aarch64" }, "product_reference": "nodejs22-devel-22.13.1-150600.13.6.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs22-devel-22.13.1-150600.13.6.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6", "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.ppc64le" }, "product_reference": "nodejs22-devel-22.13.1-150600.13.6.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs22-devel-22.13.1-150600.13.6.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6", "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.s390x" }, "product_reference": "nodejs22-devel-22.13.1-150600.13.6.1.s390x", 
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs22-devel-22.13.1-150600.13.6.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6", "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.x86_64" }, "product_reference": "nodejs22-devel-22.13.1-150600.13.6.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs22-docs-22.13.1-150600.13.6.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6", "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-docs-22.13.1-150600.13.6.1.noarch" }, "product_reference": "nodejs22-docs-22.13.1-150600.13.6.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "npm22-22.13.1-150600.13.6.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6", "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.aarch64" }, "product_reference": "npm22-22.13.1-150600.13.6.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "npm22-22.13.1-150600.13.6.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6", "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.ppc64le" }, "product_reference": "npm22-22.13.1-150600.13.6.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6" }, { "category": "default_component_of", "full_product_name": 
{ "name": "npm22-22.13.1-150600.13.6.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6", "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.s390x" }, "product_reference": "npm22-22.13.1-150600.13.6.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "npm22-22.13.1-150600.13.6.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 15 SP6", "product_id": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.x86_64" }, "product_reference": "npm22-22.13.1-150600.13.6.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 15 SP6" }, { "category": "default_component_of", "full_product_name": { "name": "corepack22-22.13.1-150600.13.6.1.aarch64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.aarch64" }, "product_reference": "corepack22-22.13.1-150600.13.6.1.aarch64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "corepack22-22.13.1-150600.13.6.1.ppc64le as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.ppc64le" }, "product_reference": "corepack22-22.13.1-150600.13.6.1.ppc64le", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "corepack22-22.13.1-150600.13.6.1.s390x as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.s390x" }, "product_reference": "corepack22-22.13.1-150600.13.6.1.s390x", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "corepack22-22.13.1-150600.13.6.1.x86_64 as component of 
openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.x86_64" }, "product_reference": "corepack22-22.13.1-150600.13.6.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs22-22.13.1-150600.13.6.1.aarch64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.aarch64" }, "product_reference": "nodejs22-22.13.1-150600.13.6.1.aarch64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs22-22.13.1-150600.13.6.1.ppc64le as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.ppc64le" }, "product_reference": "nodejs22-22.13.1-150600.13.6.1.ppc64le", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs22-22.13.1-150600.13.6.1.s390x as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.s390x" }, "product_reference": "nodejs22-22.13.1-150600.13.6.1.s390x", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs22-22.13.1-150600.13.6.1.x86_64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.x86_64" }, "product_reference": "nodejs22-22.13.1-150600.13.6.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs22-devel-22.13.1-150600.13.6.1.aarch64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.aarch64" }, "product_reference": "nodejs22-devel-22.13.1-150600.13.6.1.aarch64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { 
"name": "nodejs22-devel-22.13.1-150600.13.6.1.ppc64le as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.ppc64le" }, "product_reference": "nodejs22-devel-22.13.1-150600.13.6.1.ppc64le", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs22-devel-22.13.1-150600.13.6.1.s390x as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.s390x" }, "product_reference": "nodejs22-devel-22.13.1-150600.13.6.1.s390x", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs22-devel-22.13.1-150600.13.6.1.x86_64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.x86_64" }, "product_reference": "nodejs22-devel-22.13.1-150600.13.6.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs22-docs-22.13.1-150600.13.6.1.noarch as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:nodejs22-docs-22.13.1-150600.13.6.1.noarch" }, "product_reference": "nodejs22-docs-22.13.1-150600.13.6.1.noarch", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "npm22-22.13.1-150600.13.6.1.aarch64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.aarch64" }, "product_reference": "npm22-22.13.1-150600.13.6.1.aarch64", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "npm22-22.13.1-150600.13.6.1.ppc64le as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.ppc64le" }, "product_reference": "npm22-22.13.1-150600.13.6.1.ppc64le", 
"relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "npm22-22.13.1-150600.13.6.1.s390x as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.s390x" }, "product_reference": "npm22-22.13.1-150600.13.6.1.s390x", "relates_to_product_reference": "openSUSE Leap 15.6" }, { "category": "default_component_of", "full_product_name": { "name": "npm22-22.13.1-150600.13.6.1.x86_64 as component of openSUSE Leap 15.6", "product_id": "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.x86_64" }, "product_reference": "npm22-22.13.1-150600.13.6.1.x86_64", "relates_to_product_reference": "openSUSE Leap 15.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-22150", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-22150" } ], "notes": [ { "category": "general", "text": "Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met. This is fixed in versions 5.28.5, 6.21.1, and 7.2.3. 
As a workaround, do not issue multipart requests to attacker controlled servers.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-docs-22.13.1-150600.13.6.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.x86_64", "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.aarch64", "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.ppc64le", "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.s390x", "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.x86_64", "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.aarch64", "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.ppc64le", "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.s390x", "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.x86_64", "openSUSE Leap 
15.6:nodejs22-devel-22.13.1-150600.13.6.1.aarch64", "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.ppc64le", "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.s390x", "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.x86_64", "openSUSE Leap 15.6:nodejs22-docs-22.13.1-150600.13.6.1.noarch", "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.aarch64", "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.ppc64le", "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.s390x", "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-22150", "url": "https://www.suse.com/security/cve/CVE-2025-22150" }, { "category": "external", "summary": "SUSE Bug 1236257 for CVE-2025-22150", "url": "https://bugzilla.suse.com/1236257" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-docs-22.13.1-150600.13.6.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 
SP6:npm22-22.13.1-150600.13.6.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.x86_64", "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.aarch64", "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.ppc64le", "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.s390x", "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.x86_64", "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.aarch64", "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.ppc64le", "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.s390x", "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.x86_64", "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.aarch64", "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.ppc64le", "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.s390x", "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.x86_64", "openSUSE Leap 15.6:nodejs22-docs-22.13.1-150600.13.6.1.noarch", "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.aarch64", "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.ppc64le", "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.s390x", "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.x86_64", "SUSE Linux Enterprise Module for Web and 
Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-docs-22.13.1-150600.13.6.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.x86_64", "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.aarch64", "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.ppc64le", "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.s390x", "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.x86_64", "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.aarch64", "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.ppc64le", "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.s390x", "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.x86_64", "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.aarch64", "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.ppc64le", "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.s390x", "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.x86_64", "openSUSE Leap 15.6:nodejs22-docs-22.13.1-150600.13.6.1.noarch", "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.aarch64", "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.ppc64le", "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.s390x", "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-01-29T13:47:55Z", 
"details": "moderate" } ], "title": "CVE-2025-22150" }, { "cve": "CVE-2025-23083", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-23083" } ], "notes": [ { "category": "general", "text": "With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. \r\n\r\nThis vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-docs-22.13.1-150600.13.6.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 
SP6:npm22-22.13.1-150600.13.6.1.x86_64", "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.aarch64", "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.ppc64le", "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.s390x", "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.x86_64", "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.aarch64", "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.ppc64le", "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.s390x", "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.x86_64", "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.aarch64", "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.ppc64le", "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.s390x", "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.x86_64", "openSUSE Leap 15.6:nodejs22-docs-22.13.1-150600.13.6.1.noarch", "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.aarch64", "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.ppc64le", "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.s390x", "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-23083", "url": "https://www.suse.com/security/cve/CVE-2025-23083" }, { "category": "external", "summary": "SUSE Bug 1236251 for CVE-2025-23083", "url": "https://bugzilla.suse.com/1236251" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.x86_64", "SUSE Linux Enterprise Module for Web and 
Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-docs-22.13.1-150600.13.6.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.x86_64", "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.aarch64", "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.ppc64le", "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.s390x", "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.x86_64", "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.aarch64", "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.ppc64le", "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.s390x", "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.x86_64", "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.aarch64", "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.ppc64le", "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.s390x", "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.x86_64", "openSUSE Leap 15.6:nodejs22-docs-22.13.1-150600.13.6.1.noarch", "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.aarch64", "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.ppc64le", "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.s390x", "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", 
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-docs-22.13.1-150600.13.6.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.x86_64", "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.aarch64", "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.ppc64le", "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.s390x", "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.x86_64", "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.aarch64", "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.ppc64le", "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.s390x", "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.x86_64", "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.aarch64", "openSUSE Leap 
15.6:nodejs22-devel-22.13.1-150600.13.6.1.ppc64le", "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.s390x", "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.x86_64", "openSUSE Leap 15.6:nodejs22-docs-22.13.1-150600.13.6.1.noarch", "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.aarch64", "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.ppc64le", "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.s390x", "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-01-29T13:47:55Z", "details": "important" } ], "title": "CVE-2025-23083" }, { "cve": "CVE-2025-23085", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-23085" } ], "notes": [ { "category": "general", "text": "A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. 
This flaw could lead to increased memory consumption and potential denial of service under certain conditions.\r\n\r\nThis vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-docs-22.13.1-150600.13.6.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.x86_64", "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.aarch64", "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.ppc64le", "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.s390x", "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.x86_64", "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.aarch64", "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.ppc64le", "openSUSE Leap 
15.6:nodejs22-22.13.1-150600.13.6.1.s390x", "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.x86_64", "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.aarch64", "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.ppc64le", "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.s390x", "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.x86_64", "openSUSE Leap 15.6:nodejs22-docs-22.13.1-150600.13.6.1.noarch", "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.aarch64", "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.ppc64le", "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.s390x", "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-23085", "url": "https://www.suse.com/security/cve/CVE-2025-23085" }, { "category": "external", "summary": "SUSE Bug 1236250 for CVE-2025-23085", "url": "https://bugzilla.suse.com/1236250" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 
15 SP6:nodejs22-docs-22.13.1-150600.13.6.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.x86_64", "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.aarch64", "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.ppc64le", "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.s390x", "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.x86_64", "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.aarch64", "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.ppc64le", "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.s390x", "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.x86_64", "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.aarch64", "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.ppc64le", "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.s390x", "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.x86_64", "openSUSE Leap 15.6:nodejs22-docs-22.13.1-150600.13.6.1.noarch", "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.aarch64", "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.ppc64le", "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.s390x", "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.s390x", "SUSE Linux Enterprise Module for Web 
and Scripting 15 SP6:nodejs22-22.13.1-150600.13.6.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-devel-22.13.1-150600.13.6.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:nodejs22-docs-22.13.1-150600.13.6.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.s390x", "SUSE Linux Enterprise Module for Web and Scripting 15 SP6:npm22-22.13.1-150600.13.6.1.x86_64", "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.aarch64", "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.ppc64le", "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.s390x", "openSUSE Leap 15.6:corepack22-22.13.1-150600.13.6.1.x86_64", "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.aarch64", "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.ppc64le", "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.s390x", "openSUSE Leap 15.6:nodejs22-22.13.1-150600.13.6.1.x86_64", "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.aarch64", "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.ppc64le", "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.s390x", "openSUSE Leap 15.6:nodejs22-devel-22.13.1-150600.13.6.1.x86_64", "openSUSE Leap 15.6:nodejs22-docs-22.13.1-150600.13.6.1.noarch", "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.aarch64", "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.ppc64le", "openSUSE Leap 15.6:npm22-22.13.1-150600.13.6.1.s390x", "openSUSE Leap 
15.6:npm22-22.13.1-150600.13.6.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-01-29T13:47:55Z", "details": "moderate" } ], "title": "CVE-2025-23085" } ] }
suse-su-2025:0232-1
Vulnerability from csaf_suse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for nodejs20", "title": "Title of the patch" }, { "category": "description", "text": "This update for nodejs20 fixes the following issues:\n\nUpdate to 20.18.2:\n\n- CVE-2025-23083: Fixed worker permission bypass via InternalWorker leak in diagnostics (bsc#1236251)\n- CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERR_PROTO (bsc#1236250)\n- CVE-2025-22150: Fixed insufficiently random values used when defining the boundary for a multipart/form-data request in undici (bsc#1236258)\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2025-232,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-232,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-232,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-232,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-232", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_0232-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2025:0232-1", "url": "https://www.suse.com/support/update/announcement/2025/suse-su-20250232-1/" }, { "category": "self", 
"summary": "E-Mail link for SUSE-SU-2025:0232-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020195.html" }, { "category": "self", "summary": "SUSE Bug 1236250", "url": "https://bugzilla.suse.com/1236250" }, { "category": "self", "summary": "SUSE Bug 1236251", "url": "https://bugzilla.suse.com/1236251" }, { "category": "self", "summary": "SUSE Bug 1236258", "url": "https://bugzilla.suse.com/1236258" }, { "category": "self", "summary": "SUSE CVE CVE-2025-22150 page", "url": "https://www.suse.com/security/cve/CVE-2025-22150/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-23083 page", "url": "https://www.suse.com/security/cve/CVE-2025-23083/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-23085 page", "url": "https://www.suse.com/security/cve/CVE-2025-23085/" } ], "title": "Security update for nodejs20", "tracking": { "current_release_date": "2025-01-24T14:33:49Z", "generator": { "date": "2025-01-24T14:33:49Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2025:0232-1", "initial_release_date": "2025-01-24T14:33:49Z", "revision_history": [ { "date": "2025-01-24T14:33:49Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "corepack20-20.18.2-150500.11.18.1.aarch64", "product": { "name": "corepack20-20.18.2-150500.11.18.1.aarch64", "product_id": "corepack20-20.18.2-150500.11.18.1.aarch64" } }, { "category": "product_version", "name": "nodejs20-20.18.2-150500.11.18.1.aarch64", "product": { "name": "nodejs20-20.18.2-150500.11.18.1.aarch64", "product_id": "nodejs20-20.18.2-150500.11.18.1.aarch64" } }, { "category": "product_version", "name": "nodejs20-devel-20.18.2-150500.11.18.1.aarch64", "product": { "name": "nodejs20-devel-20.18.2-150500.11.18.1.aarch64", "product_id": "nodejs20-devel-20.18.2-150500.11.18.1.aarch64" } }, { 
"category": "product_version", "name": "npm20-20.18.2-150500.11.18.1.aarch64", "product": { "name": "npm20-20.18.2-150500.11.18.1.aarch64", "product_id": "npm20-20.18.2-150500.11.18.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "corepack20-20.18.2-150500.11.18.1.i586", "product": { "name": "corepack20-20.18.2-150500.11.18.1.i586", "product_id": "corepack20-20.18.2-150500.11.18.1.i586" } }, { "category": "product_version", "name": "nodejs20-20.18.2-150500.11.18.1.i586", "product": { "name": "nodejs20-20.18.2-150500.11.18.1.i586", "product_id": "nodejs20-20.18.2-150500.11.18.1.i586" } }, { "category": "product_version", "name": "nodejs20-devel-20.18.2-150500.11.18.1.i586", "product": { "name": "nodejs20-devel-20.18.2-150500.11.18.1.i586", "product_id": "nodejs20-devel-20.18.2-150500.11.18.1.i586" } }, { "category": "product_version", "name": "npm20-20.18.2-150500.11.18.1.i586", "product": { "name": "npm20-20.18.2-150500.11.18.1.i586", "product_id": "npm20-20.18.2-150500.11.18.1.i586" } } ], "category": "architecture", "name": "i586" }, { "branches": [ { "category": "product_version", "name": "nodejs20-docs-20.18.2-150500.11.18.1.noarch", "product": { "name": "nodejs20-docs-20.18.2-150500.11.18.1.noarch", "product_id": "nodejs20-docs-20.18.2-150500.11.18.1.noarch" } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "corepack20-20.18.2-150500.11.18.1.ppc64le", "product": { "name": "corepack20-20.18.2-150500.11.18.1.ppc64le", "product_id": "corepack20-20.18.2-150500.11.18.1.ppc64le" } }, { "category": "product_version", "name": "nodejs20-20.18.2-150500.11.18.1.ppc64le", "product": { "name": "nodejs20-20.18.2-150500.11.18.1.ppc64le", "product_id": "nodejs20-20.18.2-150500.11.18.1.ppc64le" } }, { "category": "product_version", "name": "nodejs20-devel-20.18.2-150500.11.18.1.ppc64le", "product": { "name": 
"nodejs20-devel-20.18.2-150500.11.18.1.ppc64le", "product_id": "nodejs20-devel-20.18.2-150500.11.18.1.ppc64le" } }, { "category": "product_version", "name": "npm20-20.18.2-150500.11.18.1.ppc64le", "product": { "name": "npm20-20.18.2-150500.11.18.1.ppc64le", "product_id": "npm20-20.18.2-150500.11.18.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "corepack20-20.18.2-150500.11.18.1.s390x", "product": { "name": "corepack20-20.18.2-150500.11.18.1.s390x", "product_id": "corepack20-20.18.2-150500.11.18.1.s390x" } }, { "category": "product_version", "name": "nodejs20-20.18.2-150500.11.18.1.s390x", "product": { "name": "nodejs20-20.18.2-150500.11.18.1.s390x", "product_id": "nodejs20-20.18.2-150500.11.18.1.s390x" } }, { "category": "product_version", "name": "nodejs20-devel-20.18.2-150500.11.18.1.s390x", "product": { "name": "nodejs20-devel-20.18.2-150500.11.18.1.s390x", "product_id": "nodejs20-devel-20.18.2-150500.11.18.1.s390x" } }, { "category": "product_version", "name": "npm20-20.18.2-150500.11.18.1.s390x", "product": { "name": "npm20-20.18.2-150500.11.18.1.s390x", "product_id": "npm20-20.18.2-150500.11.18.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "corepack20-20.18.2-150500.11.18.1.x86_64", "product": { "name": "corepack20-20.18.2-150500.11.18.1.x86_64", "product_id": "corepack20-20.18.2-150500.11.18.1.x86_64" } }, { "category": "product_version", "name": "nodejs20-20.18.2-150500.11.18.1.x86_64", "product": { "name": "nodejs20-20.18.2-150500.11.18.1.x86_64", "product_id": "nodejs20-20.18.2-150500.11.18.1.x86_64" } }, { "category": "product_version", "name": "nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "product": { "name": "nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "product_id": "nodejs20-devel-20.18.2-150500.11.18.1.x86_64" } }, { "category": "product_version", "name": "npm20-20.18.2-150500.11.18.1.x86_64", 
"product": { "name": "npm20-20.18.2-150500.11.18.1.x86_64", "product_id": "npm20-20.18.2-150500.11.18.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS", "product": { "name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS", "product_identification_helper": { "cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS", "product": { "name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 15 SP5-LTSS", "product": { "name": "SUSE Linux Enterprise Server 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS", "product_identification_helper": { "cpe": "cpe:/o:suse:sles-ltss:15:sp5" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:15:sp5" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "nodejs20-20.18.2-150500.11.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.18.2-150500.11.18.1.aarch64" }, "product_reference": 
"nodejs20-20.18.2-150500.11.18.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs20-20.18.2-150500.11.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.18.2-150500.11.18.1.x86_64" }, "product_reference": "nodejs20-20.18.2-150500.11.18.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs20-devel-20.18.2-150500.11.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64" }, "product_reference": "nodejs20-devel-20.18.2-150500.11.18.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs20-devel-20.18.2-150500.11.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64" }, "product_reference": "nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs20-docs-20.18.2-150500.11.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.18.2-150500.11.18.1.noarch" }, "product_reference": "nodejs20-docs-20.18.2-150500.11.18.1.noarch", 
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS" }, { "category": "default_component_of", "full_product_name": { "name": "npm20-20.18.2-150500.11.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.18.2-150500.11.18.1.aarch64" }, "product_reference": "npm20-20.18.2-150500.11.18.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS" }, { "category": "default_component_of", "full_product_name": { "name": "npm20-20.18.2-150500.11.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.18.2-150500.11.18.1.x86_64" }, "product_reference": "npm20-20.18.2-150500.11.18.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs20-20.18.2-150500.11.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.aarch64" }, "product_reference": "nodejs20-20.18.2-150500.11.18.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs20-20.18.2-150500.11.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.x86_64" }, "product_reference": "nodejs20-20.18.2-150500.11.18.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS" }, { "category": 
"default_component_of", "full_product_name": { "name": "nodejs20-devel-20.18.2-150500.11.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64" }, "product_reference": "nodejs20-devel-20.18.2-150500.11.18.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs20-devel-20.18.2-150500.11.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64" }, "product_reference": "nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs20-docs-20.18.2-150500.11.18.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.18.2-150500.11.18.1.noarch" }, "product_reference": "nodejs20-docs-20.18.2-150500.11.18.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "npm20-20.18.2-150500.11.18.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.aarch64" }, "product_reference": "npm20-20.18.2-150500.11.18.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": 
"npm20-20.18.2-150500.11.18.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.x86_64" }, "product_reference": "npm20-20.18.2-150500.11.18.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs20-20.18.2-150500.11.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.aarch64" }, "product_reference": "nodejs20-20.18.2-150500.11.18.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs20-20.18.2-150500.11.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.ppc64le" }, "product_reference": "nodejs20-20.18.2-150500.11.18.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs20-20.18.2-150500.11.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.s390x" }, "product_reference": "nodejs20-20.18.2-150500.11.18.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs20-20.18.2-150500.11.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.x86_64" }, "product_reference": "nodejs20-20.18.2-150500.11.18.1.x86_64", "relates_to_product_reference": "SUSE Linux 
Enterprise Server 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs20-devel-20.18.2-150500.11.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64" }, "product_reference": "nodejs20-devel-20.18.2-150500.11.18.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs20-devel-20.18.2-150500.11.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.ppc64le" }, "product_reference": "nodejs20-devel-20.18.2-150500.11.18.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs20-devel-20.18.2-150500.11.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.s390x" }, "product_reference": "nodejs20-devel-20.18.2-150500.11.18.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs20-devel-20.18.2-150500.11.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64" }, "product_reference": "nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs20-docs-20.18.2-150500.11.18.1.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 15 
SP5-LTSS:nodejs20-docs-20.18.2-150500.11.18.1.noarch" }, "product_reference": "nodejs20-docs-20.18.2-150500.11.18.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "npm20-20.18.2-150500.11.18.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.aarch64" }, "product_reference": "npm20-20.18.2-150500.11.18.1.aarch64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "npm20-20.18.2-150500.11.18.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.ppc64le" }, "product_reference": "npm20-20.18.2-150500.11.18.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "npm20-20.18.2-150500.11.18.1.s390x as component of SUSE Linux Enterprise Server 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.s390x" }, "product_reference": "npm20-20.18.2-150500.11.18.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "npm20-20.18.2-150500.11.18.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS", "product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.x86_64" }, "product_reference": "npm20-20.18.2-150500.11.18.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs20-20.18.2-150500.11.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5", 
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.18.2-150500.11.18.1.ppc64le" }, "product_reference": "nodejs20-20.18.2-150500.11.18.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs20-20.18.2-150500.11.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.18.2-150500.11.18.1.x86_64" }, "product_reference": "nodejs20-20.18.2-150500.11.18.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs20-devel-20.18.2-150500.11.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.18.2-150500.11.18.1.ppc64le" }, "product_reference": "nodejs20-devel-20.18.2-150500.11.18.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs20-devel-20.18.2-150500.11.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.18.2-150500.11.18.1.x86_64" }, "product_reference": "nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs20-docs-20.18.2-150500.11.18.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.18.2-150500.11.18.1.noarch" }, 
"product_reference": "nodejs20-docs-20.18.2-150500.11.18.1.noarch", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "npm20-20.18.2-150500.11.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.18.2-150500.11.18.1.ppc64le" }, "product_reference": "npm20-20.18.2-150500.11.18.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5" }, { "category": "default_component_of", "full_product_name": { "name": "npm20-20.18.2-150500.11.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5", "product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.18.2-150500.11.18.1.x86_64" }, "product_reference": "npm20-20.18.2-150500.11.18.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-22150", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-22150" } ], "notes": [ { "category": "general", "text": "Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met. This is fixed in versions 5.28.5, 6.21.1, and 7.2.3. 
As a workaround, do not issue multipart requests to attacker controlled servers.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.18.2-150500.11.18.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.18.2-150500.11.18.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server 15 
SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.18.2-150500.11.18.1.noarch", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.18.2-150500.11.18.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.18.2-150500.11.18.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-22150", "url": "https://www.suse.com/security/cve/CVE-2025-22150" }, { "category": "external", "summary": "SUSE Bug 1236257 for CVE-2025-22150", "url": "https://bugzilla.suse.com/1236257" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise High Performance Computing 15 
SP5-ESPOS:nodejs20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.18.2-150500.11.18.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.18.2-150500.11.18.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server 15 
SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.18.2-150500.11.18.1.noarch", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.18.2-150500.11.18.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.18.2-150500.11.18.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.18.2-150500.11.18.1.noarch", "SUSE Linux Enterprise 
High Performance Computing 15 SP5-ESPOS:npm20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.18.2-150500.11.18.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.18.2-150500.11.18.1.noarch", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.s390x", "SUSE Linux Enterprise Server 15 
SP5-LTSS:npm20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.18.2-150500.11.18.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.18.2-150500.11.18.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-01-24T14:33:49Z", "details": "moderate" } ], "title": "CVE-2025-22150" }, { "cve": "CVE-2025-23083", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-23083" } ], "notes": [ { "category": "general", "text": "With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. 
\r\n\r\nThis vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.18.2-150500.11.18.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.18.2-150500.11.18.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux 
Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.18.2-150500.11.18.1.noarch", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.18.2-150500.11.18.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.18.2-150500.11.18.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-23083", "url": "https://www.suse.com/security/cve/CVE-2025-23083" }, { "category": "external", "summary": "SUSE Bug 1236251 for CVE-2025-23083", "url": "https://bugzilla.suse.com/1236251" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise High Performance Computing 15 
SP5-ESPOS:nodejs20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.18.2-150500.11.18.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.18.2-150500.11.18.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server 15 
SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.18.2-150500.11.18.1.noarch", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.18.2-150500.11.18.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.18.2-150500.11.18.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.18.2-150500.11.18.1.noarch", "SUSE Linux Enterprise High 
Performance Computing 15 SP5-ESPOS:npm20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.18.2-150500.11.18.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.18.2-150500.11.18.1.noarch", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.s390x", "SUSE Linux Enterprise Server 15 
SP5-LTSS:npm20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.18.2-150500.11.18.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.18.2-150500.11.18.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-01-24T14:33:49Z", "details": "important" } ], "title": "CVE-2025-23083" }, { "cve": "CVE-2025-23085", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-23085" } ], "notes": [ { "category": "general", "text": "A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. 
This flaw could lead to increased memory consumption and potential denial of service under certain conditions.\r\n\r\nThis vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.18.2-150500.11.18.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.18.2-150500.11.18.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server 15 
SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.18.2-150500.11.18.1.noarch", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.18.2-150500.11.18.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.18.2-150500.11.18.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-23085", "url": "https://www.suse.com/security/cve/CVE-2025-23085" }, { "category": "external", "summary": "SUSE Bug 1236250 for CVE-2025-23085", "url": "https://bugzilla.suse.com/1236250" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation 
methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.18.2-150500.11.18.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.18.2-150500.11.18.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise 
Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.18.2-150500.11.18.1.noarch", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.18.2-150500.11.18.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.18.2-150500.11.18.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High 
Performance Computing 15 SP5-ESPOS:nodejs20-docs-20.18.2-150500.11.18.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:npm20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:nodejs20-docs-20.18.2-150500.11.18.1.noarch", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server 15 SP5-LTSS:nodejs20-docs-20.18.2-150500.11.18.1.noarch", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.aarch64", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server 15 
SP5-LTSS:npm20-20.18.2-150500.11.18.1.s390x", "SUSE Linux Enterprise Server 15 SP5-LTSS:npm20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-devel-20.18.2-150500.11.18.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:nodejs20-docs-20.18.2-150500.11.18.1.noarch", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.18.2-150500.11.18.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 15 SP5:npm20-20.18.2-150500.11.18.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-01-24T14:33:49Z", "details": "moderate" } ], "title": "CVE-2025-23085" } ] }
opensuse-su-2025:14706-1
Vulnerability from csaf_opensuse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "corepack22-22.13.0-1.1 on GA media", "title": "Title of the patch" }, { "category": "description", "text": "These are all security issues fixed in the corepack22-22.13.0-1.1 package on the GA media of openSUSE Tumbleweed.", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-Tumbleweed-2025-14706", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_14706-1.json" }, { "category": "self", "summary": "URL for openSUSE-SU-2025:14706-1", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WLMBUS6KTOM5ZRBZUFNAWPANSHPLYG3W/" }, { "category": "self", "summary": "E-Mail link for openSUSE-SU-2025:14706-1", "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WLMBUS6KTOM5ZRBZUFNAWPANSHPLYG3W/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-22150 page", "url": "https://www.suse.com/security/cve/CVE-2025-22150/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-23083 page", "url": 
"https://www.suse.com/security/cve/CVE-2025-23083/" }, { "category": "self", "summary": "SUSE CVE CVE-2025-23085 page", "url": "https://www.suse.com/security/cve/CVE-2025-23085/" } ], "title": "corepack22-22.13.0-1.1 on GA media", "tracking": { "current_release_date": "2025-01-28T00:00:00Z", "generator": { "date": "2025-01-28T00:00:00Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2025:14706-1", "initial_release_date": "2025-01-28T00:00:00Z", "revision_history": [ { "date": "2025-01-28T00:00:00Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "corepack22-22.13.0-1.1.aarch64", "product": { "name": "corepack22-22.13.0-1.1.aarch64", "product_id": "corepack22-22.13.0-1.1.aarch64" } }, { "category": "product_version", "name": "nodejs22-22.13.0-1.1.aarch64", "product": { "name": "nodejs22-22.13.0-1.1.aarch64", "product_id": "nodejs22-22.13.0-1.1.aarch64" } }, { "category": "product_version", "name": "nodejs22-devel-22.13.0-1.1.aarch64", "product": { "name": "nodejs22-devel-22.13.0-1.1.aarch64", "product_id": "nodejs22-devel-22.13.0-1.1.aarch64" } }, { "category": "product_version", "name": "nodejs22-docs-22.13.0-1.1.aarch64", "product": { "name": "nodejs22-docs-22.13.0-1.1.aarch64", "product_id": "nodejs22-docs-22.13.0-1.1.aarch64" } }, { "category": "product_version", "name": "npm22-22.13.0-1.1.aarch64", "product": { "name": "npm22-22.13.0-1.1.aarch64", "product_id": "npm22-22.13.0-1.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "corepack22-22.13.0-1.1.ppc64le", "product": { "name": "corepack22-22.13.0-1.1.ppc64le", "product_id": "corepack22-22.13.0-1.1.ppc64le" } }, { "category": "product_version", "name": "nodejs22-22.13.0-1.1.ppc64le", "product": { "name": "nodejs22-22.13.0-1.1.ppc64le", 
"product_id": "nodejs22-22.13.0-1.1.ppc64le" } }, { "category": "product_version", "name": "nodejs22-devel-22.13.0-1.1.ppc64le", "product": { "name": "nodejs22-devel-22.13.0-1.1.ppc64le", "product_id": "nodejs22-devel-22.13.0-1.1.ppc64le" } }, { "category": "product_version", "name": "nodejs22-docs-22.13.0-1.1.ppc64le", "product": { "name": "nodejs22-docs-22.13.0-1.1.ppc64le", "product_id": "nodejs22-docs-22.13.0-1.1.ppc64le" } }, { "category": "product_version", "name": "npm22-22.13.0-1.1.ppc64le", "product": { "name": "npm22-22.13.0-1.1.ppc64le", "product_id": "npm22-22.13.0-1.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "corepack22-22.13.0-1.1.s390x", "product": { "name": "corepack22-22.13.0-1.1.s390x", "product_id": "corepack22-22.13.0-1.1.s390x" } }, { "category": "product_version", "name": "nodejs22-22.13.0-1.1.s390x", "product": { "name": "nodejs22-22.13.0-1.1.s390x", "product_id": "nodejs22-22.13.0-1.1.s390x" } }, { "category": "product_version", "name": "nodejs22-devel-22.13.0-1.1.s390x", "product": { "name": "nodejs22-devel-22.13.0-1.1.s390x", "product_id": "nodejs22-devel-22.13.0-1.1.s390x" } }, { "category": "product_version", "name": "nodejs22-docs-22.13.0-1.1.s390x", "product": { "name": "nodejs22-docs-22.13.0-1.1.s390x", "product_id": "nodejs22-docs-22.13.0-1.1.s390x" } }, { "category": "product_version", "name": "npm22-22.13.0-1.1.s390x", "product": { "name": "npm22-22.13.0-1.1.s390x", "product_id": "npm22-22.13.0-1.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "corepack22-22.13.0-1.1.x86_64", "product": { "name": "corepack22-22.13.0-1.1.x86_64", "product_id": "corepack22-22.13.0-1.1.x86_64" } }, { "category": "product_version", "name": "nodejs22-22.13.0-1.1.x86_64", "product": { "name": "nodejs22-22.13.0-1.1.x86_64", "product_id": "nodejs22-22.13.0-1.1.x86_64" } }, { "category": "product_version", 
"name": "nodejs22-devel-22.13.0-1.1.x86_64", "product": { "name": "nodejs22-devel-22.13.0-1.1.x86_64", "product_id": "nodejs22-devel-22.13.0-1.1.x86_64" } }, { "category": "product_version", "name": "nodejs22-docs-22.13.0-1.1.x86_64", "product": { "name": "nodejs22-docs-22.13.0-1.1.x86_64", "product_id": "nodejs22-docs-22.13.0-1.1.x86_64" } }, { "category": "product_version", "name": "npm22-22.13.0-1.1.x86_64", "product": { "name": "npm22-22.13.0-1.1.x86_64", "product_id": "npm22-22.13.0-1.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "openSUSE Tumbleweed", "product": { "name": "openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed", "product_identification_helper": { "cpe": "cpe:/o:opensuse:tumbleweed" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "corepack22-22.13.0-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:corepack22-22.13.0-1.1.aarch64" }, "product_reference": "corepack22-22.13.0-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "corepack22-22.13.0-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:corepack22-22.13.0-1.1.ppc64le" }, "product_reference": "corepack22-22.13.0-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "corepack22-22.13.0-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:corepack22-22.13.0-1.1.s390x" }, "product_reference": "corepack22-22.13.0-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "corepack22-22.13.0-1.1.x86_64 as component of 
openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:corepack22-22.13.0-1.1.x86_64" }, "product_reference": "corepack22-22.13.0-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs22-22.13.0-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.aarch64" }, "product_reference": "nodejs22-22.13.0-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs22-22.13.0-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.ppc64le" }, "product_reference": "nodejs22-22.13.0-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs22-22.13.0-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.s390x" }, "product_reference": "nodejs22-22.13.0-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs22-22.13.0-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.x86_64" }, "product_reference": "nodejs22-22.13.0-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs22-devel-22.13.0-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.aarch64" }, "product_reference": "nodejs22-devel-22.13.0-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs22-devel-22.13.0-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.ppc64le" 
}, "product_reference": "nodejs22-devel-22.13.0-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs22-devel-22.13.0-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.s390x" }, "product_reference": "nodejs22-devel-22.13.0-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs22-devel-22.13.0-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.x86_64" }, "product_reference": "nodejs22-devel-22.13.0-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs22-docs-22.13.0-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.aarch64" }, "product_reference": "nodejs22-docs-22.13.0-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs22-docs-22.13.0-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.ppc64le" }, "product_reference": "nodejs22-docs-22.13.0-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs22-docs-22.13.0-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.s390x" }, "product_reference": "nodejs22-docs-22.13.0-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "nodejs22-docs-22.13.0-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.x86_64" }, "product_reference": 
"nodejs22-docs-22.13.0-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "npm22-22.13.0-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:npm22-22.13.0-1.1.aarch64" }, "product_reference": "npm22-22.13.0-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "npm22-22.13.0-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:npm22-22.13.0-1.1.ppc64le" }, "product_reference": "npm22-22.13.0-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "npm22-22.13.0-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:npm22-22.13.0-1.1.s390x" }, "product_reference": "npm22-22.13.0-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "npm22-22.13.0-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:npm22-22.13.0-1.1.x86_64" }, "product_reference": "npm22-22.13.0-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-22150", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-22150" } ], "notes": [ { "category": "general", "text": "Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. 
Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met. This is fixed in versions 5.28.5, 6.21.1, and 7.2.3. As a workaround, do not issue multipart requests to attacker controlled servers.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:corepack22-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:corepack22-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:corepack22-22.13.0-1.1.s390x", "openSUSE Tumbleweed:corepack22-22.13.0-1.1.x86_64", "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.s390x", "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.x86_64", "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.s390x", "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.x86_64", "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.s390x", "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.x86_64", "openSUSE Tumbleweed:npm22-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:npm22-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:npm22-22.13.0-1.1.s390x", "openSUSE Tumbleweed:npm22-22.13.0-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-22150", "url": "https://www.suse.com/security/cve/CVE-2025-22150" }, { "category": "external", "summary": "SUSE Bug 1236257 for CVE-2025-22150", "url": "https://bugzilla.suse.com/1236257" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:corepack22-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:corepack22-22.13.0-1.1.ppc64le", "openSUSE 
Tumbleweed:corepack22-22.13.0-1.1.s390x", "openSUSE Tumbleweed:corepack22-22.13.0-1.1.x86_64", "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.s390x", "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.x86_64", "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.s390x", "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.x86_64", "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.s390x", "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.x86_64", "openSUSE Tumbleweed:npm22-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:npm22-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:npm22-22.13.0-1.1.s390x", "openSUSE Tumbleweed:npm22-22.13.0-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:corepack22-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:corepack22-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:corepack22-22.13.0-1.1.s390x", "openSUSE Tumbleweed:corepack22-22.13.0-1.1.x86_64", "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.s390x", "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.x86_64", "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.s390x", "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.x86_64", "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.s390x", "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.x86_64", 
"openSUSE Tumbleweed:npm22-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:npm22-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:npm22-22.13.0-1.1.s390x", "openSUSE Tumbleweed:npm22-22.13.0-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-01-28T00:00:00Z", "details": "moderate" } ], "title": "CVE-2025-22150" }, { "cve": "CVE-2025-23083", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-23083" } ], "notes": [ { "category": "general", "text": "With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. \r\n\r\nThis vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:corepack22-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:corepack22-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:corepack22-22.13.0-1.1.s390x", "openSUSE Tumbleweed:corepack22-22.13.0-1.1.x86_64", "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.s390x", "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.x86_64", "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.s390x", "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.x86_64", "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.s390x", "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.x86_64", "openSUSE Tumbleweed:npm22-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:npm22-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:npm22-22.13.0-1.1.s390x", 
"openSUSE Tumbleweed:npm22-22.13.0-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-23083", "url": "https://www.suse.com/security/cve/CVE-2025-23083" }, { "category": "external", "summary": "SUSE Bug 1236251 for CVE-2025-23083", "url": "https://bugzilla.suse.com/1236251" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:corepack22-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:corepack22-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:corepack22-22.13.0-1.1.s390x", "openSUSE Tumbleweed:corepack22-22.13.0-1.1.x86_64", "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.s390x", "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.x86_64", "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.s390x", "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.x86_64", "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.s390x", "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.x86_64", "openSUSE Tumbleweed:npm22-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:npm22-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:npm22-22.13.0-1.1.s390x", "openSUSE Tumbleweed:npm22-22.13.0-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:corepack22-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:corepack22-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:corepack22-22.13.0-1.1.s390x", "openSUSE Tumbleweed:corepack22-22.13.0-1.1.x86_64", "openSUSE 
Tumbleweed:nodejs22-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.s390x", "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.x86_64", "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.s390x", "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.x86_64", "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.s390x", "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.x86_64", "openSUSE Tumbleweed:npm22-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:npm22-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:npm22-22.13.0-1.1.s390x", "openSUSE Tumbleweed:npm22-22.13.0-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-01-28T00:00:00Z", "details": "important" } ], "title": "CVE-2025-23083" }, { "cve": "CVE-2025-23085", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2025-23085" } ], "notes": [ { "category": "general", "text": "A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. 
This flaw could lead to increased memory consumption and potential denial of service under certain conditions.\r\n\r\nThis vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:corepack22-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:corepack22-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:corepack22-22.13.0-1.1.s390x", "openSUSE Tumbleweed:corepack22-22.13.0-1.1.x86_64", "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.s390x", "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.x86_64", "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.s390x", "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.x86_64", "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.s390x", "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.x86_64", "openSUSE Tumbleweed:npm22-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:npm22-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:npm22-22.13.0-1.1.s390x", "openSUSE Tumbleweed:npm22-22.13.0-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2025-23085", "url": "https://www.suse.com/security/cve/CVE-2025-23085" }, { "category": "external", "summary": "SUSE Bug 1236250 for CVE-2025-23085", "url": "https://bugzilla.suse.com/1236250" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:corepack22-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:corepack22-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:corepack22-22.13.0-1.1.s390x", "openSUSE 
Tumbleweed:corepack22-22.13.0-1.1.x86_64", "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.s390x", "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.x86_64", "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.s390x", "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.x86_64", "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.s390x", "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.x86_64", "openSUSE Tumbleweed:npm22-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:npm22-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:npm22-22.13.0-1.1.s390x", "openSUSE Tumbleweed:npm22-22.13.0-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "openSUSE Tumbleweed:corepack22-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:corepack22-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:corepack22-22.13.0-1.1.s390x", "openSUSE Tumbleweed:corepack22-22.13.0-1.1.x86_64", "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.s390x", "openSUSE Tumbleweed:nodejs22-22.13.0-1.1.x86_64", "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.s390x", "openSUSE Tumbleweed:nodejs22-devel-22.13.0-1.1.x86_64", "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.aarch64", "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.s390x", "openSUSE Tumbleweed:nodejs22-docs-22.13.0-1.1.x86_64", "openSUSE Tumbleweed:npm22-22.13.0-1.1.aarch64", 
"openSUSE Tumbleweed:npm22-22.13.0-1.1.ppc64le", "openSUSE Tumbleweed:npm22-22.13.0-1.1.s390x", "openSUSE Tumbleweed:npm22-22.13.0-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2025-01-28T00:00:00Z", "details": "moderate" } ], "title": "CVE-2025-23085" } ] }
fkie_cve-2025-22150
Vulnerability from fkie_nvd
Source | URL | Tags
---|---|---
security-advisories@github.com | https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f |
security-advisories@github.com | https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113 |
security-advisories@github.com | https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0 |
security-advisories@github.com | https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a |
security-advisories@github.com | https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385 |
security-advisories@github.com | https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975 |
security-advisories@github.com | https://hackerone.com/reports/2913312 |
{ "cveTags": [], "descriptions": [ { "lang": "en", "value": "Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met. This is fixed in versions 5.28.5, 6.21.1, and 7.2.3. As a workaround, do not issue multipart requests to attacker controlled servers." }, { "lang": "es", "value": "Undici es un cliente HTTP/1.1. A partir de la versi\u00f3n 4.5.0 y antes de las versiones 5.28.5, 6.21.1 y 7.2.3, undici usa `Math.random()` para elegir el l\u00edmite de una solicitud multiparte/form-data. Se sabe que la salida de `Math.random()` se puede predecir si se conocen varios de sus valores generados. Si hay un mecanismo en una aplicaci\u00f3n que env\u00eda solicitudes multiparte a un sitio web controlado por un atacante, este puede usarlo para filtrar los valores necesarios. Por lo tanto, un atacante puede manipular las solicitudes que van a las API de backend si se cumplen ciertas condiciones. Esto se solucion\u00f3 en las versiones 5.28.5, 6.21.1 y 7.2.3. Como workaround, no env\u00ede solicitudes multiparte a servidores controlados por un atacante." 
} ], "id": "CVE-2025-22150", "lastModified": "2025-01-21T18:15:14.887", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 1.6, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary" } ] }, "published": "2025-01-21T18:15:14.887", "references": [ { "source": "security-advisories@github.com", "url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f" }, { "source": "security-advisories@github.com", "url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113" }, { "source": "security-advisories@github.com", "url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0" }, { "source": "security-advisories@github.com", "url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a" }, { "source": "security-advisories@github.com", "url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385" }, { "source": "security-advisories@github.com", "url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975" }, { "source": "security-advisories@github.com", "url": "https://hackerone.com/reports/2913312" } ], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-330" } ], "source": "security-advisories@github.com", "type": "Primary" } ] }
ghsa-c76h-2ccp-4975
Vulnerability from github
Impact
Undici `fetch()` uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known.
If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, the attacker can use this to leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.
Patches
This is fixed in 5.28.5; 6.21.1; 7.2.3.
Workarounds
Do not issue multipart requests to attacker-controlled servers.
References
- https://hackerone.com/reports/2913312
- https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f
{ "affected": [ { "package": { "ecosystem": "npm", "name": "undici" }, "ranges": [ { "events": [ { "introduced": "4.5.0" }, { "fixed": "5.28.5" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "npm", "name": "undici" }, "ranges": [ { "events": [ { "introduced": "6.0.0" }, { "fixed": "6.21.1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "ecosystem": "npm", "name": "undici" }, "ranges": [ { "events": [ { "introduced": "7.0.0" }, { "fixed": "7.2.3" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2025-22150" ], "database_specific": { "cwe_ids": [ "CWE-330" ], "github_reviewed": true, "github_reviewed_at": "2025-01-21T21:10:47Z", "nvd_published_at": "2025-01-21T18:15:14Z", "severity": "MODERATE" }, "details": "### Impact\n\n[Undici `fetch()` uses Math.random()](https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113) to choose the boundary for a multipart/form-data request. It is known that the output of Math.random() can be predicted if several of its generated values are known.\n\nIf there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. 
Therefore, An attacker can tamper with the requests going to the backend APIs if certain conditions are met.\n\n### Patches\n\nThis is fixed in 5.28.5; 6.21.1; 7.2.3.\n\n### Workarounds\n\nDo not issue multipart requests to attacker controlled servers.\n\n### References\n\n* https://hackerone.com/reports/2913312\n* https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f\n", "id": "GHSA-c76h-2ccp-4975", "modified": "2025-01-21T21:10:47Z", "published": "2025-01-21T21:10:47Z", "references": [ { "type": "WEB", "url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150" }, { "type": "WEB", "url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0" }, { "type": "WEB", "url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a" }, { "type": "WEB", "url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385" }, { "type": "WEB", "url": "https://hackerone.com/reports/2913312" }, { "type": "WEB", "url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f" }, { "type": "PACKAGE", "url": "https://github.com/nodejs/undici" }, { "type": "WEB", "url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "type": "CVSS_V3" } ], "summary": "Use of Insufficiently Random Values in undici" }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.