Vulnerability-Lookup

RHSA-2025:11396

Vulnerability from csaf_redhat - Published: 2025-07-18 15:51 - Updated: 2026-05-19 16:06

Summary

Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.4.5 security and bug fix update

Severity

Important

Notes

Topic: OpenShift API for Data Protection (OADP) 1.4.5 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes. Security Fix(es) from Bugzilla: * golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto (CVE-2024-45337) * golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html (CVE-2024-45338) * go-git: argument injection via the URL field (CVE-2025-21613) * golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws (CVE-2025-22868) * golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (CVE-2025-22869) * golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing (CVE-2025-30204) * go-jose: Go JOSE's Parsing Vulnerable to Denial of Service (CVE-2025-27144) * net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2024-45337

A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

CWE-285 - Improper Authorization

Affected products

Fixed 8 products

Product	Version	Remediation
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64	—	Vendor Fix fix Workaround

Known not affected 36 products

Product	Version	Remediation
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x	—	Workaround

Threats

Impact Important

CVE-2024-45338

A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 20 products

Product	Version	Remediation
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64	—	Vendor Fix fix
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x	—	Vendor Fix fix
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64	—	Vendor Fix fix
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x	—	Vendor Fix fix
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64	—	Vendor Fix fix
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64	—	Vendor Fix fix
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x	—	Vendor Fix fix
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64	—	Vendor Fix fix
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64	—	Vendor Fix fix
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64	—	Vendor Fix fix
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64	—	Vendor Fix fix
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x	—	Vendor Fix fix
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le	—	Vendor Fix fix
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64	—	Vendor Fix fix
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x	—	Vendor Fix fix
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64	—	Vendor Fix fix

Known not affected 24 products

Product	Identifier	Version	Remediation
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64		—
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64		—
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x		—
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le		—
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64		—
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64		—
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le		—
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x		—
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64		—
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le		—
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64		—
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x		—
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64		—
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le		—
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64		—
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x		—
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x		—
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le		—
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64		—
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64		—
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64		—
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le		—
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64		—
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x		—

Threats

Impact Important

CVE-2025-21613

An argument injection vulnerability was found in go-git. This flaw allows an attacker to set arbitrary values to git-upload-pack flags, leading to command or code execution, exposure of sensitive data, or other unintended behavior. This is only possible in configurations where the file transport protocol is being used.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le	—	Vendor Fix fix Workaround

Known not affected 40 products

Product	Version	Remediation
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64	—	Workaround

Threats

Impact Important

CVE-2025-22868

A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, ".")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-1286 - Improper Validation of Syntactic Correctness of Input

Affected products

Fixed 20 products

Product	Version	Remediation
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64	—	Vendor Fix fix Workaround

Known not affected 24 products

Product	Version	Remediation
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x	—	Workaround

Threats

Impact Important

CVE-2025-22869

A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 8 products

Product	Version	Remediation
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64	—	Vendor Fix fix Workaround

Known not affected 36 products

Product	Version	Remediation
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x	—	Workaround

Threats

Impact Important

CVE-2025-22871

A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to send hidden or unauthorized requests.

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64	—	Vendor Fix fix Workaround

Known not affected 40 products

Product	Version	Remediation
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x	—	Workaround

Threats

Impact Moderate

CVE-2025-27144

A flaw was found in GO-JOSE. In affected versions, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code uses strings.Split(token, ".") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. This issue could be exploied by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le	—	Vendor Fix fix Workaround

Known not affected 40 products

Product	Version	Remediation
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64	—	Workaround

Threats

Impact Moderate

CVE-2025-30204

A flaw was found in the golang-jwt implementation of JSON Web Tokens (JWT). In affected versions, a malicious request with specially crafted Authorization header data may trigger an excessive consumption of resources on the host system. This issue can cause significant performance degradation or an application crash, leading to a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-405 - Asymmetric Resource Consumption (Amplification)

Affected products

Fixed 24 products

Product	Version	Remediation
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x	—	Vendor Fix fix Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64	—	Vendor Fix fix Workaround

Known not affected 20 products

Product	Version	Remediation
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64	—	Workaround
Unresolved product id: 9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x	—	Workaround

Threats

Impact Important

References

71 references

URL	Category
https://access.redhat.com/errata/RHSA-2025:11396	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2331720	external
https://bugzilla.redhat.com/show_bug.cgi?id=2333122	external
https://bugzilla.redhat.com/show_bug.cgi?id=2335888	external
https://bugzilla.redhat.com/show_bug.cgi?id=2347423	external
https://bugzilla.redhat.com/show_bug.cgi?id=2348366	external
https://bugzilla.redhat.com/show_bug.cgi?id=2348367	external
https://bugzilla.redhat.com/show_bug.cgi?id=2354195	external
https://bugzilla.redhat.com/show_bug.cgi?id=2358493	external
https://issues.redhat.com/browse/OADP-5904	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2024-45337	self
https://bugzilla.redhat.com/show_bug.cgi?id=2331720	external
https://www.cve.org/CVERecord?id=CVE-2024-45337	external
https://nvd.nist.gov/vuln/detail/CVE-2024-45337	external
https://github.com/golang/crypto/commit/b4f1988a3…	external
https://go.dev/cl/635315	external
https://go.dev/issue/70779	external
https://groups.google.com/g/golang-announce/c/-nP…	external
https://pkg.go.dev/vuln/GO-2024-3321	external
https://access.redhat.com/security/cve/CVE-2024-45338	self
https://bugzilla.redhat.com/show_bug.cgi?id=2333122	external
https://www.cve.org/CVERecord?id=CVE-2024-45338	external
https://nvd.nist.gov/vuln/detail/CVE-2024-45338	external
https://go.dev/cl/637536	external
https://go.dev/issue/70906	external
https://groups.google.com/g/golang-announce/c/wSC…	external
https://pkg.go.dev/vuln/GO-2024-3333	external
https://access.redhat.com/security/cve/CVE-2025-21613	self
https://bugzilla.redhat.com/show_bug.cgi?id=2335888	external
https://www.cve.org/CVERecord?id=CVE-2025-21613	external
https://nvd.nist.gov/vuln/detail/CVE-2025-21613	external
https://github.com/go-git/go-git/security/advisor…	external
https://pkg.go.dev/vuln/GO-2025-3368	external
https://access.redhat.com/security/cve/CVE-2025-22868	self
https://bugzilla.redhat.com/show_bug.cgi?id=2348366	external
https://www.cve.org/CVERecord?id=CVE-2025-22868	external
https://nvd.nist.gov/vuln/detail/CVE-2025-22868	external
https://go.dev/cl/652155	external
https://go.dev/issue/71490	external
https://pkg.go.dev/vuln/GO-2025-3488	external
https://access.redhat.com/security/cve/CVE-2025-22869	self
https://bugzilla.redhat.com/show_bug.cgi?id=2348367	external
https://www.cve.org/CVERecord?id=CVE-2025-22869	external
https://nvd.nist.gov/vuln/detail/CVE-2025-22869	external
https://go.dev/cl/652135	external
https://go.dev/issue/71931	external
https://pkg.go.dev/vuln/GO-2025-3487	external
https://access.redhat.com/security/cve/CVE-2025-22871	self
https://bugzilla.redhat.com/show_bug.cgi?id=2358493	external
https://www.cve.org/CVERecord?id=CVE-2025-22871	external
https://nvd.nist.gov/vuln/detail/CVE-2025-22871	external
https://go.dev/cl/652998	external
https://go.dev/issue/71988	external
https://groups.google.com/g/golang-announce/c/Y2u…	external
https://pkg.go.dev/vuln/GO-2025-3563	external
https://access.redhat.com/security/cve/CVE-2025-27144	self
https://bugzilla.redhat.com/show_bug.cgi?id=2347423	external
https://www.cve.org/CVERecord?id=CVE-2025-27144	external
https://nvd.nist.gov/vuln/detail/CVE-2025-27144	external
https://github.com/go-jose/go-jose/commit/99b346c…	external
https://github.com/go-jose/go-jose/releases/tag/v4.0.5	external
https://github.com/go-jose/go-jose/security/advis…	external
https://access.redhat.com/security/cve/CVE-2025-30204	self
https://bugzilla.redhat.com/show_bug.cgi?id=2354195	external
https://www.cve.org/CVERecord?id=CVE-2025-30204	external
https://nvd.nist.gov/vuln/detail/CVE-2025-30204	external
https://github.com/golang-jwt/jwt/commit/0951d184…	external
https://github.com/golang-jwt/jwt/security/adviso…	external
https://pkg.go.dev/vuln/GO-2025-3553	external

Acknowledgments

jub0bs

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "OpenShift API for Data Protection (OADP) 1.4.5 is now available.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.\n\nSecurity Fix(es) from Bugzilla:\n\n* golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto (CVE-2024-45337)\n\n* golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html (CVE-2024-45338)\n\n* go-git: argument injection via the URL field (CVE-2025-21613)\n\n* golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws (CVE-2025-22868)\n\n* golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (CVE-2025-22869)\n\n* golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing (CVE-2025-30204)\n\n* go-jose: Go JOSE\u0027s Parsing Vulnerable to Denial of Service (CVE-2025-27144)\n\n* net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:11396",
        "url": "https://access.redhat.com/errata/RHSA-2025:11396"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2331720",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720"
      },
      {
        "category": "external",
        "summary": "2333122",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
      },
      {
        "category": "external",
        "summary": "2335888",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2335888"
      },
      {
        "category": "external",
        "summary": "2347423",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347423"
      },
      {
        "category": "external",
        "summary": "2348366",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
      },
      {
        "category": "external",
        "summary": "2348367",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348367"
      },
      {
        "category": "external",
        "summary": "2354195",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2354195"
      },
      {
        "category": "external",
        "summary": "2358493",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358493"
      },
      {
        "category": "external",
        "summary": "OADP-5904",
        "url": "https://issues.redhat.com/browse/OADP-5904"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_11396.json"
      }
    ],
    "title": "Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.4.5 security and bug fix update",
    "tracking": {
      "current_release_date": "2026-05-19T16:06:43+00:00",
      "generator": {
        "date": "2026-05-19T16:06:43+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.0"
        }
      },
      "id": "RHSA-2025:11396",
      "initial_release_date": "2025-07-18T15:51:18+00:00",
      "revision_history": [
        {
          "date": "2025-07-18T15:51:18+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-07-18T15:51:18+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-19T16:06:43+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "9Base-OADP-1.4",
                "product": {
                  "name": "9Base-OADP-1.4",
                  "product_id": "9Base-OADP-1.4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift_api_data_protection:1.4::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "OpenShift API for Data Protection"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
                "product": {
                  "name": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
                  "product_id": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9\u0026tag=1.4.5-21"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
                "product": {
                  "name": "oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
                  "product_id": "oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-mustgather-rhel9\u0026tag=1.4.5-34"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
                "product": {
                  "name": "oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
                  "product_id": "oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-operator-bundle\u0026tag=1.4.5-34"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
                "product": {
                  "name": "oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
                  "product_id": "oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-rhel9-operator\u0026tag=1.4.5-20"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
                "product": {
                  "name": "oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
                  "product_id": "oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-rhel9\u0026tag=1.4.5-20"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
                "product": {
                  "name": "oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
                  "product_id": "oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-rhel9\u0026tag=1.4.5-18"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
                  "product_id": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9\u0026tag=1.4.5-19"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
                  "product_id": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9\u0026tag=1.4.5-18"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
                  "product_id": "oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9\u0026tag=1.4.5-17"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
                  "product_id": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9\u0026tag=1.4.5-18"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
                "product": {
                  "name": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
                  "product_id": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885?arch=s390x\u0026repository_url=registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9\u0026tag=1.4.5-20"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
                "product": {
                  "name": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
                  "product_id": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a?arch=arm64\u0026repository_url=registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9\u0026tag=1.4.5-21"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
                "product": {
                  "name": "oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
                  "product_id": "oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041?arch=arm64\u0026repository_url=registry.redhat.io/oadp/oadp-mustgather-rhel9\u0026tag=1.4.5-34"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
                "product": {
                  "name": "oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
                  "product_id": "oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a?arch=arm64\u0026repository_url=registry.redhat.io/oadp/oadp-operator-bundle\u0026tag=1.4.5-34"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
                "product": {
                  "name": "oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
                  "product_id": "oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4?arch=arm64\u0026repository_url=registry.redhat.io/oadp/oadp-rhel9-operator\u0026tag=1.4.5-20"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64",
                "product": {
                  "name": "oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64",
                  "product_id": "oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b?arch=arm64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-rhel9\u0026tag=1.4.5-20"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
                "product": {
                  "name": "oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
                  "product_id": "oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1?arch=arm64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-rhel9\u0026tag=1.4.5-18"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
                  "product_id": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36?arch=arm64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9\u0026tag=1.4.5-19"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
                  "product_id": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed?arch=arm64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9\u0026tag=1.4.5-18"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
                  "product_id": "oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d?arch=arm64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9\u0026tag=1.4.5-17"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
                  "product_id": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc?arch=arm64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9\u0026tag=1.4.5-18"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
                "product": {
                  "name": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
                  "product_id": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d?arch=arm64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9\u0026tag=1.4.5-20"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
                "product": {
                  "name": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
                  "product_id": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9\u0026tag=1.4.5-21"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
                "product": {
                  "name": "oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
                  "product_id": "oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-mustgather-rhel9\u0026tag=1.4.5-34"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
                "product": {
                  "name": "oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
                  "product_id": "oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-operator-bundle\u0026tag=1.4.5-34"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
                "product": {
                  "name": "oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
                  "product_id": "oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-rhel9-operator\u0026tag=1.4.5-20"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
                "product": {
                  "name": "oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
                  "product_id": "oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-rhel9\u0026tag=1.4.5-20"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
                "product": {
                  "name": "oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
                  "product_id": "oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-rhel9\u0026tag=1.4.5-18"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
                  "product_id": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9\u0026tag=1.4.5-19"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
                  "product_id": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9\u0026tag=1.4.5-18"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
                  "product_id": "oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9\u0026tag=1.4.5-17"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
                  "product_id": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9\u0026tag=1.4.5-18"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
                "product": {
                  "name": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
                  "product_id": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469?arch=amd64\u0026repository_url=registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9\u0026tag=1.4.5-20"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
                "product": {
                  "name": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
                  "product_id": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-kubevirt-velero-plugin-rhel9\u0026tag=1.4.5-21"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
                "product": {
                  "name": "oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
                  "product_id": "oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-mustgather-rhel9\u0026tag=1.4.5-34"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
                "product": {
                  "name": "oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
                  "product_id": "oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-operator-bundle\u0026tag=1.4.5-34"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
                "product": {
                  "name": "oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
                  "product_id": "oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-rhel9-operator\u0026tag=1.4.5-20"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
                "product": {
                  "name": "oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
                  "product_id": "oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-rhel9\u0026tag=1.4.5-20"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
                "product": {
                  "name": "oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
                  "product_id": "oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-rhel9\u0026tag=1.4.5-18"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
                  "product_id": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-aws-rhel9\u0026tag=1.4.5-19"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
                  "product_id": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-gcp-rhel9\u0026tag=1.4.5-18"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
                  "product_id": "oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-legacy-aws-rhel9\u0026tag=1.4.5-17"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
                "product": {
                  "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
                  "product_id": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-plugin-for-microsoft-azure-rhel9\u0026tag=1.4.5-18"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
                "product": {
                  "name": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
                  "product_id": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4?arch=ppc64le\u0026repository_url=registry.redhat.io/oadp/oadp-velero-restic-restore-helper-rhel9\u0026tag=1.4.5-20"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64 as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64"
        },
        "product_reference": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x"
        },
        "product_reference": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le"
        },
        "product_reference": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64 as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64"
        },
        "product_reference": "oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x"
        },
        "product_reference": "oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64 as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64"
        },
        "product_reference": "oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64 as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64"
        },
        "product_reference": "oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le"
        },
        "product_reference": "oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64 as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64"
        },
        "product_reference": "oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64 as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64"
        },
        "product_reference": "oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x"
        },
        "product_reference": "oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le"
        },
        "product_reference": "oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le"
        },
        "product_reference": "oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x"
        },
        "product_reference": "oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64 as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64"
        },
        "product_reference": "oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64 as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64"
        },
        "product_reference": "oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64 as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64 as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64 as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64 as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64 as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64 as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64 as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64 as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64"
        },
        "product_reference": "oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64 as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64"
        },
        "product_reference": "oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le"
        },
        "product_reference": "oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64 as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64"
        },
        "product_reference": "oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x"
        },
        "product_reference": "oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64 as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64"
        },
        "product_reference": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le"
        },
        "product_reference": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64 as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64"
        },
        "product_reference": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x"
        },
        "product_reference": "oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le"
        },
        "product_reference": "oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64 as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64"
        },
        "product_reference": "oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x"
        },
        "product_reference": "oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
        "relates_to_product_reference": "9Base-OADP-1.4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64 as a component of 9Base-OADP-1.4",
          "product_id": "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
        },
        "product_reference": "oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64",
        "relates_to_product_reference": "9Base-OADP-1.4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-45337",
      "cwe": {
        "id": "CWE-285",
        "name": "Improper Authorization"
      },
      "discovery_date": "2024-12-11T19:00:54.247490+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2331720"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is classified as important rather than critical because it does not directly enable unauthorized access but rather introduces a risk of authorization bypass if the application or library misuses the PublicKeyCallback API. The vulnerability relies on incorrect assumptions made by the application when handling the sequence or state of keys provided during SSH authentication. Properly implemented systems that use the Permissions field or avoid relying on external state remain unaffected. Additionally, the vulnerability does not allow direct exploitation to gain control over a system without the presence of insecure logic in the application\u0027s handling of authentication attempts.\n\n\nRed Hat Enterprise Linux(RHEL) 8 \u0026 9 and Red Hat Openshift marked as not affected as it was determined that the problem function `ServerConfig.PublicKeyCallback`, as noted in the CVE-2024-45337 issue, is not called by Podman, Buildah, containers-common, or the gvisor-tap-vsock projects.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
          "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
          "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
          "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
        ],
        "known_not_affected": [
          "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
          "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
          "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
          "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
          "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
          "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
          "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
          "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
          "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-45337"
        },
        {
          "category": "external",
          "summary": "RHBZ#2331720",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45337",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337"
        },
        {
          "category": "external",
          "summary": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909",
          "url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/635315",
          "url": "https://go.dev/cl/635315"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/70779",
          "url": "https://go.dev/issue/70779"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ",
          "url": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2024-3321",
          "url": "https://pkg.go.dev/vuln/GO-2024-3321"
        }
      ],
      "release_date": "2024-12-11T18:55:58.506000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-18T15:51:18+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:11396"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto"
    },
    {
      "cve": "CVE-2024-45338",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2024-12-18T21:00:59.938173+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2333122"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
          "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
          "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
          "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
          "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
          "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
          "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
          "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
          "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
        ],
        "known_not_affected": [
          "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
          "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
          "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
          "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-45338"
        },
        {
          "category": "external",
          "summary": "RHBZ#2333122",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/637536",
          "url": "https://go.dev/cl/637536"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/70906",
          "url": "https://go.dev/issue/70906"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
          "url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2024-3333",
          "url": "https://pkg.go.dev/vuln/GO-2024-3333"
        }
      ],
      "release_date": "2024-12-18T20:38:22.660000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-18T15:51:18+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:11396"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
    },
    {
      "cve": "CVE-2025-21613",
      "cwe": {
        "id": "CWE-88",
        "name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
      },
      "discovery_date": "2025-01-06T17:00:41.244449+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2335888"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An argument injection vulnerability was found in go-git. This flaw allows an attacker to set arbitrary values to git-upload-pack flags, leading to command or code execution, exposure of sensitive data, or other unintended behavior. This is only possible in configurations where the file transport protocol is being used.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "go-git: argument injection via the URL field",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated as an Important severity because an argument injection has been discovered in go-git, where an attackers can manipulate git-upload-pack flags, potentially enabling command or code execution leads to an exposure of sensitive data or other unintended actions, this vulnerability occurs exclusively in configurations using the file transport protocol.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
          "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
          "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
          "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le"
        ],
        "known_not_affected": [
          "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
          "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
          "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
          "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
          "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
          "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
          "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
          "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
          "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-21613"
        },
        {
          "category": "external",
          "summary": "RHBZ#2335888",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2335888"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-21613",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-21613"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-21613",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21613"
        },
        {
          "category": "external",
          "summary": "https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m",
          "url": "https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2025-3368",
          "url": "https://pkg.go.dev/vuln/GO-2025-3368"
        }
      ],
      "release_date": "2025-01-06T16:13:10.611000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-18T15:51:18+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:11396"
        },
        {
          "category": "workaround",
          "details": "In cases where it is not possible to update to the latest version of go-git, it is recommended to enforce validation rules for values passed in the URL field.",
          "product_ids": [
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "go-git: argument injection via the URL field"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "jub0bs"
          ]
        }
      ],
      "cve": "CVE-2025-22868",
      "cwe": {
        "id": "CWE-1286",
        "name": "Improper Validation of Syntactic Correctness of Input"
      },
      "discovery_date": "2025-02-26T04:00:44.350024+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2348366"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, \".\")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
          "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
          "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
          "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
          "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
          "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
        ],
        "known_not_affected": [
          "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
          "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
          "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
          "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
          "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
          "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
          "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-22868"
        },
        {
          "category": "external",
          "summary": "RHBZ#2348366",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-22868",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/652155",
          "url": "https://go.dev/cl/652155"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/71490",
          "url": "https://go.dev/issue/71490"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2025-3488",
          "url": "https://pkg.go.dev/vuln/GO-2025-3488"
        }
      ],
      "release_date": "2025-02-26T03:07:49.012000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-18T15:51:18+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:11396"
        },
        {
          "category": "workaround",
          "details": "To mitigate this vulnerability, it is recommended to pre-validate any payloads passed to `go-jose` to check that they do not contain an excessive amount of `.` characters.",
          "product_ids": [
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws"
    },
    {
      "cve": "CVE-2025-22869",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-02-26T04:00:47.683125+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2348367"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "While this flaw affects both SSH clients and servers implemented with golang.org/x/crypto/ssh, realistically the flaw will only lead to a DoS when transferring large files, greatly reducing the likelihood of exploitation.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
          "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
          "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
          "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
        ],
        "known_not_affected": [
          "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
          "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
          "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
          "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
          "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
          "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
          "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
          "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
          "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-22869"
        },
        {
          "category": "external",
          "summary": "RHBZ#2348367",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348367"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-22869",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/652135",
          "url": "https://go.dev/cl/652135"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/71931",
          "url": "https://go.dev/issue/71931"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2025-3487",
          "url": "https://pkg.go.dev/vuln/GO-2025-3487"
        }
      ],
      "release_date": "2025-02-26T03:07:48.855000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-18T15:51:18+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:11396"
        },
        {
          "category": "workaround",
          "details": "This flaw can be mitigated when using the client only connecting to trusted servers.",
          "product_ids": [
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
    },
    {
      "cve": "CVE-2025-22871",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2025-04-08T21:01:32.229479+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2358493"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling\u2014where an attacker tricks the system to send hidden or unauthorized requests.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat Satellite is rated as Low severity for this vulnerability. However, other affected components remain Moderate. Satellite uses the affected Go net/http component solely as a client to make requests, not as a server. Since this vulnerability only affects server-side usage, Satellite is not directly exposed to the flaw, justifying the lower severity rating.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
        ],
        "known_not_affected": [
          "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
          "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
          "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
          "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
          "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
          "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
          "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
          "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
          "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
          "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
          "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
          "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-22871"
        },
        {
          "category": "external",
          "summary": "RHBZ#2358493",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358493"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-22871",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22871",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22871"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/652998",
          "url": "https://go.dev/cl/652998"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/71988",
          "url": "https://go.dev/issue/71988"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk",
          "url": "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2025-3563",
          "url": "https://pkg.go.dev/vuln/GO-2025-3563"
        }
      ],
      "release_date": "2025-04-08T20:04:34.769000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-18T15:51:18+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:11396"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http"
    },
    {
      "cve": "CVE-2025-27144",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-02-24T23:00:42.448432+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2347423"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in GO-JOSE. In affected versions, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code uses strings.Split(token, \".\") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. This issue could be exploied by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "go-jose: Go JOSE\u0027s Parsing Vulnerable to Denial of Service",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
          "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
          "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
          "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le"
        ],
        "known_not_affected": [
          "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
          "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
          "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
          "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
          "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
          "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
          "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
          "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
          "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-27144"
        },
        {
          "category": "external",
          "summary": "RHBZ#2347423",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2347423"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-27144",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-27144"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-27144",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27144"
        },
        {
          "category": "external",
          "summary": "https://github.com/go-jose/go-jose/commit/99b346cec4e86d102284642c5dcbe9bb0cacfc22",
          "url": "https://github.com/go-jose/go-jose/commit/99b346cec4e86d102284642c5dcbe9bb0cacfc22"
        },
        {
          "category": "external",
          "summary": "https://github.com/go-jose/go-jose/releases/tag/v4.0.5",
          "url": "https://github.com/go-jose/go-jose/releases/tag/v4.0.5"
        },
        {
          "category": "external",
          "summary": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c6gw-w398-hv78",
          "url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c6gw-w398-hv78"
        }
      ],
      "release_date": "2025-02-24T22:22:22.863000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-18T15:51:18+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:11396"
        },
        {
          "category": "workaround",
          "details": "As a workaround, applications can pre-validate that payloads being passed to Go JOSE do not contain an excessive number of `.` characters.",
          "product_ids": [
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "go-jose: Go JOSE\u0027s Parsing Vulnerable to Denial of Service"
    },
    {
      "cve": "CVE-2025-30204",
      "cwe": {
        "id": "CWE-405",
        "name": "Asymmetric Resource Consumption (Amplification)"
      },
      "discovery_date": "2025-03-21T22:00:43.818367+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2354195"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the golang-jwt implementation of JSON Web Tokens (JWT). In affected versions, a malicious request with specially crafted Authorization header data may trigger an excessive consumption of resources on the host system. This issue can cause significant performance degradation or an application crash, leading to a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
          "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
          "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
          "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
          "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
          "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
        ],
        "known_not_affected": [
          "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
          "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
          "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
          "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
          "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
          "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
          "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
          "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-30204"
        },
        {
          "category": "external",
          "summary": "RHBZ#2354195",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2354195"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-30204",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-30204",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30204"
        },
        {
          "category": "external",
          "summary": "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3",
          "url": "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3"
        },
        {
          "category": "external",
          "summary": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp",
          "url": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2025-3553",
          "url": "https://pkg.go.dev/vuln/GO-2025-3553"
        }
      ],
      "release_date": "2025-03-21T21:42:01.382000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-18T15:51:18+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:11396"
        },
        {
          "category": "workaround",
          "details": "Red Hat Product Security does not have a recommended mitigation at this time.",
          "product_ids": [
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:2bae3100587b970b7246ae28196982edc6b9dae145f4d8c812fc9d78bff20961_amd64",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:475a27e370e023af9fc2698ce9b14a97cd0302d27f2bc52dc680bb63a82eb707_s390x",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:e4699d011786df4d3b8481b0b79a41c6cf2450c28a96d983b506393734a24c3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f78f207306aebfe90a9126218b77b64a088b68122f8805b5b69e47972e5d298a_arm64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:41f32fb3b6f3c1ed7be1f2580dd0fcc861c8240c8470b4e0346e0ba5bbb512b5_s390x",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:a0dad19da75a825d5756e033590df8cdb5a6af0f55f906b9b1000d4c3adccd5a_amd64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:abf07f4cad8f18537ccc2f162b25e11a5cae547c5f0db789f573ebc42a327041_arm64",
            "9Base-OADP-1.4:oadp/oadp-mustgather-rhel9@sha256:d9bcac4f030c419292e13e517baf606514dece94182328e9f54058508a5138f1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7317ed83242340597b5cdde8ee314606ddd563d0067ee85c12eb21037e2feb99_amd64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:7bbd1cb460a20aa568f543122ead86a7590827ed04166b82902cd68f60c67b4a_arm64",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:c06a0dc726d75fbed4c5f0ed5beb1abafdc2f85997d9d0b1dab41775b7ffe07d_s390x",
            "9Base-OADP-1.4:oadp/oadp-operator-bundle@sha256:f05c810e2b1c445a5d997826f423b6759c11b188dd8781af5908c085d082ceac_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a695cf5140b0b109ede8c718c7b5b720fbe3f92c033f999506d78e2341c01203_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:a8b86cbc818be479fd560b85e129e917c2314c82070d39a0c1453d8f11631ec5_s390x",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:c64c81ccaa4d3ed1c2b333936b0a9aa111e4dde2de88af5780ebd83f3b29bad6_amd64",
            "9Base-OADP-1.4:oadp/oadp-rhel9-operator@sha256:e4a7bd1b9aeae7350256a65fcb094cff2622e569ca8768df63d43682dff364d4_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:2cdd8800ab19ff52a6682d3a6477c745b09224998dd4d7c5882111496ae8ec09_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:36a22693fd6d1d2721f2f6d579bc638d51ae3648766cc57118f6956cd10aba36_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:969922831941453a7d0c16bbe908b3b3596493134e68e771bd49ed9460f38bf1_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-aws-rhel9@sha256:e97dc347f843eab864efb81f939b425554e6db58cde788a942afd7b00ac470df_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:6ab225df2a249068ce7f22d909916ee94e58abcbae8662d4df3f0e93e4b97eed_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:a654a342057e7f679a96a5f18069bf6568e9a9f59f9f1934bf02f346a73cfe25_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d70161cdeb833ec007dfad5a7f1b1ff411a10fe054b9ede12f3d7879e201ee17_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:d9cc11a9154a89f84d66874f773225b6ac2b9a3342bd4d15cbb2ee8639c5f05f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:121c80f73d2739694de126801e5c9622584ddc61fad9d1953e56fc83439ce074_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:1ead7c1b32cb4ff2ec3002142a2fa25dbde1cc99c9ab07742e06981055963716_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:9f7b3d93c79057eaefd036c8aa06f392487a73c1dde9a5bdecac73610b42461d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-legacy-aws-rhel9@sha256:cc1323f77941a5c0d4202ab96ca1643b6d06df4febf996de2ee82f43010e319c_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:18bfc85cc1a69536c266b0d168644406ccab9943aeb076a4e1a241655783a199_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:6c8c1cee0d702a5917c16decf62950adddc5ad4b629492b50a2d3c860dad14c2_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:7d22ecdc5faffcf9073c2b08178363820dc74d6fed62d0974bb3df309be573cb_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:fb57f4b7e2df487e6a8d272168c88ccd2f9f9b4d06efe23cf271c900d84d66cc_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:6fb517f7cba99c4db682a9e71e4afce78f0f6b2b6fed6ee83ee39e3883af72d1_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:7c3889900001f080690330f619d8e509e7005363a984eeb47221359b91166674_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:b76bf2f89b41f4f5a3fb696a3942f26eb1ffbdf5a0bc0d9611906dd1de177d16_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-plugin-rhel9@sha256:d37ce4423a62897fa3ba2b59fe9bb3a4832088020ea089dd03b920a36179418f_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:37a60c31f57eb012097db76db3682d1c98936c581f64fda05fd705805b34327d_arm64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:8d42dac3bdfb6f30bbbb62f83b9a3847c56ee405474b543e51619735e1b6dea4_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:aaf2bfc6b4a84f6b56592cfaa63552bea96ac5c8283f883b0f810a4c00b5f469_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-restic-restore-helper-rhel9@sha256:ebe2f773be55633f5d78274d9b85c253cd97257e227f20a12f20f27722c56885_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:489b4765e3f7f9da000be488e6ee755f9e930ce2e0d688c39677fc964cd1ae3a_ppc64le",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:6eb63751e7f228d3b91abd9927ca0fd84d73aa095bc76afd681340f85c36cd92_amd64",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:704acaaf95af349cb107ac6df2bfef5da3df3d5fc16f16c631b5e5f97492bcaf_s390x",
            "9Base-OADP-1.4:oadp/oadp-velero-rhel9@sha256:8f28683c1b38621778de147f3f2329119f843e017d48a33de14fcadfc9f4384b_arm64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing"
    }
  ]
}

CVE-2024-45338 (GCVE-0-2024-45338)

Vulnerability from cvelistv5 – Published: 2024-12-18 20:38 – Updated: 2025-02-21 18:03

Title

Non-linear parsing of case-insensitive content in golang.org/x/net/html

Summary

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-405 - Asymmetric Resource Consumption (Amplification)

Assigner

References

4 references

URL	Tags
https://go.dev/cl/637536
https://go.dev/issue/70906
https://groups.google.com/g/golang-announce/c/wSC…
https://pkg.go.dev/vuln/GO-2024-3333

Impacted products

1 product

Vendor	Product	Version
golang.org/x/net	golang.org/x/net/html	Affected: 0 , < 0.33.0 (semver)

Credits

Guido Vranken

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-45338",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-31T19:51:42.228627Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-1333",
                "description": "CWE-1333 Inefficient Regular Expression Complexity",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-31T19:55:04.864Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-02-21T18:03:32.301Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250221-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "golang.org/x/net/html",
          "product": "golang.org/x/net/html",
          "programRoutines": [
            {
              "name": "parseDoctype"
            },
            {
              "name": "htmlIntegrationPoint"
            },
            {
              "name": "inTableIM"
            },
            {
              "name": "inBodyIM"
            },
            {
              "name": "Parse"
            },
            {
              "name": "ParseFragment"
            },
            {
              "name": "ParseFragmentWithOptions"
            },
            {
              "name": "ParseWithOptions"
            }
          ],
          "vendor": "golang.org/x/net",
          "versions": [
            {
              "lessThan": "0.33.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Guido Vranken"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-405: Asymmetric Resource Consumption (Amplification)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-18T20:38:22.660Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/637536"
        },
        {
          "url": "https://go.dev/issue/70906"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2024-3333"
        }
      ],
      "title": "Non-linear parsing of case-insensitive content in golang.org/x/net/html"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2024-45338",
    "datePublished": "2024-12-18T20:38:22.660Z",
    "dateReserved": "2024-08-27T19:41:58.555Z",
    "dateUpdated": "2025-02-21T18:03:32.301Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-22869 (GCVE-0-2025-22869)

Vulnerability from cvelistv5 – Published: 2025-02-26 03:07 – Updated: 2025-04-11 22:03

Title

Potential denial of service in golang.org/x/crypto

Summary

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

References

3 references

URL	Tags
https://go.dev/cl/652135
https://go.dev/issue/71931
https://pkg.go.dev/vuln/GO-2025-3487

Impacted products

1 product

Vendor	Product	Version
golang.org/x/crypto	golang.org/x/crypto/ssh	Affected: 0 , < 0.35.0 (semver)

Credits

Yuichi Watanabe

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-22869",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T14:57:07.968721Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-770",
                "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-26T14:57:49.252Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-04-11T22:03:24.222Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250411-0010/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "golang.org/x/crypto/ssh",
          "product": "golang.org/x/crypto/ssh",
          "programRoutines": [
            {
              "name": "newHandshakeTransport"
            },
            {
              "name": "handshakeTransport.recordWriteError"
            },
            {
              "name": "handshakeTransport.kexLoop"
            },
            {
              "name": "handshakeTransport.writePacket"
            },
            {
              "name": "Client.Dial"
            },
            {
              "name": "Client.DialContext"
            },
            {
              "name": "Client.DialTCP"
            },
            {
              "name": "Client.Listen"
            },
            {
              "name": "Client.ListenTCP"
            },
            {
              "name": "Client.ListenUnix"
            },
            {
              "name": "Client.NewSession"
            },
            {
              "name": "Dial"
            },
            {
              "name": "DiscardRequests"
            },
            {
              "name": "NewClient"
            },
            {
              "name": "NewClientConn"
            },
            {
              "name": "NewServerConn"
            },
            {
              "name": "Request.Reply"
            },
            {
              "name": "Session.Close"
            },
            {
              "name": "Session.CombinedOutput"
            },
            {
              "name": "Session.Output"
            },
            {
              "name": "Session.RequestPty"
            },
            {
              "name": "Session.RequestSubsystem"
            },
            {
              "name": "Session.Run"
            },
            {
              "name": "Session.SendRequest"
            },
            {
              "name": "Session.Setenv"
            },
            {
              "name": "Session.Shell"
            },
            {
              "name": "Session.Signal"
            },
            {
              "name": "Session.Start"
            },
            {
              "name": "Session.WindowChange"
            },
            {
              "name": "channel.Accept"
            },
            {
              "name": "channel.Close"
            },
            {
              "name": "channel.CloseWrite"
            },
            {
              "name": "channel.Read"
            },
            {
              "name": "channel.ReadExtended"
            },
            {
              "name": "channel.Reject"
            },
            {
              "name": "channel.SendRequest"
            },
            {
              "name": "channel.Write"
            },
            {
              "name": "channel.WriteExtended"
            },
            {
              "name": "connection.SendAuthBanner"
            },
            {
              "name": "curve25519sha256.Client"
            },
            {
              "name": "curve25519sha256.Server"
            },
            {
              "name": "dhGEXSHA.Client"
            },
            {
              "name": "dhGEXSHA.Server"
            },
            {
              "name": "dhGroup.Client"
            },
            {
              "name": "dhGroup.Server"
            },
            {
              "name": "ecdh.Client"
            },
            {
              "name": "ecdh.Server"
            },
            {
              "name": "extChannel.Read"
            },
            {
              "name": "extChannel.Write"
            },
            {
              "name": "mux.OpenChannel"
            },
            {
              "name": "mux.SendRequest"
            },
            {
              "name": "sessionStdin.Close"
            },
            {
              "name": "sshClientKeyboardInteractive.Challenge"
            },
            {
              "name": "tcpListener.Accept"
            },
            {
              "name": "tcpListener.Close"
            },
            {
              "name": "unixListener.Accept"
            },
            {
              "name": "unixListener.Close"
            }
          ],
          "vendor": "golang.org/x/crypto",
          "versions": [
            {
              "lessThan": "0.35.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Yuichi Watanabe"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-26T03:07:48.855Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/652135"
        },
        {
          "url": "https://go.dev/issue/71931"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2025-3487"
        }
      ],
      "title": "Potential denial of service in golang.org/x/crypto"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-22869",
    "datePublished": "2025-02-26T03:07:48.855Z",
    "dateReserved": "2025-01-08T19:11:42.834Z",
    "dateUpdated": "2025-04-11T22:03:24.222Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-27144 (GCVE-0-2025-27144)

Vulnerability from cvelistv5 – Published: 2025-02-24 22:22 – Updated: 2025-02-25 14:27

Title

Go JOSE's Parsing Vulnerable to Denial of Service

Summary

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code used strings.Split(token, ".") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service. Version 4.0.5 fixes this issue. As a workaround, applications could pre-validate that payloads passed to Go JOSE do not contain an excessive number of `.` characters.

Severity ?

6.6 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/go-jose/go-jose/security/advis…	x_refsource_CONFIRM
https://github.com/go-jose/go-jose/commit/99b346c…	x_refsource_MISC
https://github.com/go-jose/go-jose/releases/tag/v4.0.5	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
go-jose	go-jose	Affected: >= 4.0.0, < 4.0.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-27144",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-25T14:26:42.682392Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-25T14:27:04.978Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "go-jose",
          "vendor": "go-jose",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.0.0, \u003c 4.0.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code used strings.Split(token, \".\") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters.  An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service. Version 4.0.5 fixes this issue. As a workaround, applications could pre-validate that payloads passed to Go JOSE do not contain an excessive number of `.` characters."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-24T22:22:22.863Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c6gw-w398-hv78",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/go-jose/go-jose/security/advisories/GHSA-c6gw-w398-hv78"
        },
        {
          "name": "https://github.com/go-jose/go-jose/commit/99b346cec4e86d102284642c5dcbe9bb0cacfc22",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/go-jose/go-jose/commit/99b346cec4e86d102284642c5dcbe9bb0cacfc22"
        },
        {
          "name": "https://github.com/go-jose/go-jose/releases/tag/v4.0.5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/go-jose/go-jose/releases/tag/v4.0.5"
        }
      ],
      "source": {
        "advisory": "GHSA-c6gw-w398-hv78",
        "discovery": "UNKNOWN"
      },
      "title": "Go JOSE\u0027s Parsing Vulnerable to Denial of Service"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-27144",
    "datePublished": "2025-02-24T22:22:22.863Z",
    "dateReserved": "2025-02-19T16:30:47.777Z",
    "dateUpdated": "2025-02-25T14:27:04.978Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-22868 (GCVE-0-2025-22868)

Vulnerability from cvelistv5 – Published: 2025-02-26 03:07 – Updated: 2025-02-26 14:46

Title

Unexpected memory consumption during token parsing in golang.org/x/oauth2

Summary

An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-1286 - Improper Validation of Syntactic Correctness of Input

Assigner

References

3 references

URL	Tags
https://go.dev/cl/652155
https://go.dev/issue/71490
https://pkg.go.dev/vuln/GO-2025-3488

Impacted products

1 product

Vendor	Product	Version
golang.org/x/oauth2	golang.org/x/oauth2/jws	Affected: 0 , < 0.27.0 (semver)

Credits

jub0bs

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-22868",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-26T14:45:27.246610Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-1286",
                "description": "CWE-1286 Improper Validation of Syntactic Correctness of Input",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-26T14:46:20.671Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "golang.org/x/oauth2/jws",
          "product": "golang.org/x/oauth2/jws",
          "programRoutines": [
            {
              "name": "Verify"
            }
          ],
          "vendor": "golang.org/x/oauth2",
          "versions": [
            {
              "lessThan": "0.27.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "jub0bs"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-1286: Improper Validation of Syntactic Correctness of Input",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-26T03:07:49.012Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/652155"
        },
        {
          "url": "https://go.dev/issue/71490"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2025-3488"
        }
      ],
      "title": "Unexpected memory consumption during token parsing in golang.org/x/oauth2"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-22868",
    "datePublished": "2025-02-26T03:07:49.012Z",
    "dateReserved": "2025-01-08T19:11:42.834Z",
    "dateUpdated": "2025-02-26T14:46:20.671Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-21613 (GCVE-0-2025-21613)

Vulnerability from cvelistv5 – Published: 2025-01-06 16:13 – Updated: 2025-01-06 16:45

Title

go-git has an Argument Injection via the URL field

Summary

go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only happens when the file transport protocol is being used, as that is the only protocol that shells out to git binaries. This vulnerability is fixed in 5.13.0.

Severity ?

9.2 (Critical)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Clear

CWE

CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Assigner

GitHub_M

References

1 reference

URL	Tags
https://github.com/go-git/go-git/security/advisor…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
go-git	go-git	Affected: >= 4.0.0, < 5.13.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-21613",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-06T16:38:34.120792Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-88",
                "description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-06T16:45:02.671Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "go-git",
          "vendor": "go-git",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.0.0,  \u003c 5.13.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only happens when the file transport protocol is being used, as that is the only protocol that shells out to git binaries. This vulnerability is fixed in 5.13.0."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 9.2,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/U:Clear",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-88",
              "description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-06T16:13:10.611Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/go-git/go-git/security/advisories/GHSA-v725-9546-7q7m"
        }
      ],
      "source": {
        "advisory": "GHSA-v725-9546-7q7m",
        "discovery": "UNKNOWN"
      },
      "title": "go-git has an Argument Injection via the URL field"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-21613",
    "datePublished": "2025-01-06T16:13:10.611Z",
    "dateReserved": "2024-12-29T03:00:24.713Z",
    "dateUpdated": "2025-01-06T16:45:02.671Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-45337 (GCVE-0-2024-45337)

Vulnerability from cvelistv5 – Published: 2024-12-11 18:55 – Updated: 2025-02-18 20:48

Title

Misuse of connection.serverAuthenticate may cause authorization bypass in golang.org/x/crypto

Summary

Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate." Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/cry...@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.

Severity ?

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-1108 - Excessive Reliance on Global Variables

Assigner

References

5 references

URL	Tags
https://github.com/golang/crypto/commit/b4f1988a3…
https://go.dev/cl/635315
https://go.dev/issue/70779
https://groups.google.com/g/golang-announce/c/-nP…
https://pkg.go.dev/vuln/GO-2024-3321

Impacted products

1 product

Vendor	Product	Version
golang.org/x/crypto	golang.org/x/crypto/ssh	Affected: 0 , < 0.31.0 (semver)

Credits

Damien Tournoud (Platform.sh / Upsun) Patrick Dawkins (Platform.sh / Upsun) Vince Parker (Platform.sh / Upsun) Jules Duvivier (Platform.sh / Upsun)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-01-31T15:02:46.088Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2024/12/11/2"
          },
          {
            "url": "https://security.netapp.com/advisory/ntap-20250131-0007/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-45337",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-12T17:57:55.896008Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-12T17:58:29.810Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "golang.org/x/crypto/ssh",
          "product": "golang.org/x/crypto/ssh",
          "programRoutines": [
            {
              "name": "ServerConfig.PublicKeyCallback"
            },
            {
              "name": "connection.serverAuthenticate"
            },
            {
              "name": "NewServerConn"
            }
          ],
          "vendor": "golang.org/x/crypto",
          "versions": [
            {
              "lessThan": "0.31.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Damien Tournoud (Platform.sh / Upsun)"
        },
        {
          "lang": "en",
          "value": "Patrick Dawkins (Platform.sh / Upsun)"
        },
        {
          "lang": "en",
          "value": "Vince Parker (Platform.sh / Upsun)"
        },
        {
          "lang": "en",
          "value": "Jules Duvivier (Platform.sh / Upsun)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that \"A call to this function does not guarantee that the key offered is in fact used to authenticate.\" Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/cry...@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-1108: Excessive Reliance on Global Variables",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-18T20:48:40.404Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909"
        },
        {
          "url": "https://go.dev/cl/635315"
        },
        {
          "url": "https://go.dev/issue/70779"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2024-3321"
        }
      ],
      "title": "Misuse of connection.serverAuthenticate may cause authorization bypass in golang.org/x/crypto"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2024-45337",
    "datePublished": "2024-12-11T18:55:58.506Z",
    "dateReserved": "2024-08-27T19:41:58.555Z",
    "dateUpdated": "2025-02-18T20:48:40.404Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-30204 (GCVE-0-2025-30204)

Vulnerability from cvelistv5 – Published: 2025-03-21 21:42 – Updated: 2025-04-10 13:03

Title

jwt-go allows excessive memory allocation during header parsing

Summary

golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-405 - Asymmetric Resource Consumption (Amplification)

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/golang-jwt/jwt/security/adviso…	x_refsource_CONFIRM
https://github.com/golang-jwt/jwt/commit/0951d184…	x_refsource_MISC
https://github.com/golang-jwt/jwt/commit/bf316c48…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
golang-jwt	jwt	Affected: >= 3.2.0, < 4.5.2 Affected: >= 5.0.0-rc.1, < 5.2.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-30204",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-24T14:10:18.281694Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-24T14:10:35.776Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-04-04T23:03:13.309Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250404-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "jwt",
          "vendor": "golang-jwt",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 3.2.0, \u003c 4.5.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 5.0.0-rc.1, \u003c 5.2.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer  followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function\u0027s argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-405",
              "description": "CWE-405: Asymmetric Resource Consumption (Amplification)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-10T13:03:19.897Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp"
        },
        {
          "name": "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3"
        },
        {
          "name": "https://github.com/golang-jwt/jwt/commit/bf316c48137a1212f8d0af9288cc9ce8e59f1afb",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/golang-jwt/jwt/commit/bf316c48137a1212f8d0af9288cc9ce8e59f1afb"
        }
      ],
      "source": {
        "advisory": "GHSA-mh63-6h87-95cp",
        "discovery": "UNKNOWN"
      },
      "title": "jwt-go allows excessive memory allocation during header parsing"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-30204",
    "datePublished": "2025-03-21T21:42:01.382Z",
    "dateReserved": "2025-03-18T18:15:13.849Z",
    "dateUpdated": "2025-04-10T13:03:19.897Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-22871 (GCVE-0-2025-22871)

Vulnerability from cvelistv5 – Published: 2025-04-08 20:04 – Updated: 2026-05-12 12:04

Title

Request smuggling due to acceptance of invalid chunked data in net/http

Summary

The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.

Severity ?

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Assigner

References

4 references

URL	Tags
https://go.dev/cl/652998
https://go.dev/issue/71988
https://groups.google.com/g/golang-announce/c/Y2u…
https://pkg.go.dev/vuln/GO-2025-3563

Impacted products

1 product

Vendor	Product	Version
Go standard library	net/http/internal	Affected: 0 , < 1.23.8 (semver) Affected: 1.24.0-0 , < 1.24.2 (semver)

Credits

Jeppe Bonde Weikop

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-04-08T21:03:21.913Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/04/04/4"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-22871",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-18T14:57:03.151639Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-18T14:57:31.331Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "SENTRON 7KT PAC1261 Data Manager",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V2.1.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T12:04:11.015Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-783943.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "net/http/internal",
          "product": "net/http/internal",
          "programRoutines": [
            {
              "name": "readChunkLine"
            },
            {
              "name": "chunkedReader.Read"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.23.8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.24.2",
              "status": "affected",
              "version": "1.24.0-0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Jeppe Bonde Weikop"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-08T20:04:34.769Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://go.dev/cl/652998"
        },
        {
          "url": "https://go.dev/issue/71988"
        },
        {
          "url": "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2025-3563"
        }
      ],
      "title": "Request smuggling due to acceptance of invalid chunked data in net/http"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-22871",
    "datePublished": "2025-04-08T20:04:34.769Z",
    "dateReserved": "2025-01-08T19:11:42.834Z",
    "dateUpdated": "2026-05-12T12:04:11.015Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2025:11396

CVE-2024-45338 (GCVE-0-2024-45338)

CVE-2025-22869 (GCVE-0-2025-22869)

CVE-2025-27144 (GCVE-0-2025-27144)

CVE-2025-22868 (GCVE-0-2025-22868)

CVE-2025-21613 (GCVE-0-2025-21613)

CVE-2024-45337 (GCVE-0-2024-45337)

CVE-2025-30204 (GCVE-0-2025-30204)

CVE-2025-22871 (GCVE-0-2025-22871)

Tags

Sightings

Nomenclature