RHSA-2025:11749
Vulnerability from csaf_redhat - Published: 2025-07-24 15:20 - Updated: 2026-04-08 05:01Summary
Red Hat Security Advisory: Updated 8.1 container image is now available: security and bug fix update
Severity
Important
Notes
Topic: Updated rhceph-8.1 container image is now available in the Red Hat Ecosystem Catalog.
Details: Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.
This new container image is based on Red Hat Ceph Storage 8.1 and Red Hat Enterprise Linux 8.10, 9.5, 9.6.
Users are directed to the Red Hat Ceph Storage Release Notes for full Red Hat Ceph Storage 8.1 Release Notes information:
https://docs.redhat.com/en/documentation/red_hat_ceph_storage/8/html/8.1_release_notes
All users of Red Hat Ceph Storage are advised to pull these new images from the Red Hat Ecosystem catalog, which provides numerous security and bug fixes.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A vulnerability was found in github.com/moby/moby. The classic builder cache system in moby is vulnerable to cache poisoning if the image is built using a 'FROM scratch' in Dockerfile. This flaw allows an attacker who has knowledge of the Dockerfile to create a malicious cache that would be pulled and considered a valid cache candidate for some build steps. This only affects one if using DOCKER_BUILDKIT=0 or using the /build API endpoint.
6.9 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/2789521
For supported configurations, refer to:
https://access.redhat.com/articles/1548993
https://access.redhat.com/errata/RHSA-2025:11749
A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/2789521
For supported configurations, refer to:
https://access.redhat.com/articles/1548993
https://access.redhat.com/errata/RHSA-2025:11749
A flaw was found in the prism-autoloader plugin of the Prism library. The prism-autoloader plugin uses `document.currentScript` as the base URL for dynamically loading other dependencies and, in certain circumstances, can be vulnerable to a DOM Clobbering attack. This issue could lead to Cross-site scripting (XSS) attacks on web pages that embed Prism and allow users to inject scriptless HTML elements, such as an `img` tag with a controlled `name` attribute.
4.9 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/2789521
For supported configurations, refer to:
https://access.redhat.com/articles/1548993
https://access.redhat.com/errata/RHSA-2025:11749
A flaw was found in the crypto/x509 golang library. When using ParsePKCS1PrivateKey to parse an RSA key missing the CRT values, causes a panic when verifying the key is well formed.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/2789521
For supported configurations, refer to:
https://access.redhat.com/articles/1548993
https://access.redhat.com/errata/RHSA-2025:11749
A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, ".")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/2789521
For supported configurations, refer to:
https://access.redhat.com/articles/1548993
https://access.redhat.com/errata/RHSA-2025:11749
Workaround
To mitigate this vulnerability, it is recommended to pre-validate any payloads passed to `go-jose` to check that they do not contain an excessive amount of `.` characters.
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to send hidden or unauthorized requests.
5.4 (Medium)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/2789521
For supported configurations, refer to:
https://access.redhat.com/articles/1548993
https://access.redhat.com/errata/RHSA-2025:11749
Workaround
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
A flaw was found in the golang-jwt implementation of JSON Web Tokens (JWT). In affected versions, a malicious request with specially crafted Authorization header data may trigger an excessive consumption of resources on the host system. This issue can cause significant performance degradation or an application crash, leading to a denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/2789521
For supported configurations, refer to:
https://access.redhat.com/articles/1548993
https://access.redhat.com/errata/RHSA-2025:11749
Workaround
Red Hat Product Security does not have a recommended mitigation at this time.
References
Acknowledgments
jub0bs
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated rhceph-8.1 container image is now available in the Red Hat Ecosystem Catalog.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. \n \nThis new container image is based on Red Hat Ceph Storage 8.1 and Red Hat Enterprise Linux 8.10, 9.5, 9.6. \n \nUsers are directed to the Red Hat Ceph Storage Release Notes for full Red Hat Ceph Storage 8.1 Release Notes information:\n\nhttps://docs.redhat.com/en/documentation/red_hat_ceph_storage/8/html/8.1_release_notes\n\nAll users of Red Hat Ceph Storage are advised to pull these new images from the Red Hat Ecosystem catalog, which provides numerous security and bug fixes.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:11749",
"url": "https://access.redhat.com/errata/RHSA-2025:11749"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2262352",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262352"
},
{
"category": "external",
"summary": "2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "2342464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342464"
},
{
"category": "external",
"summary": "2348366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
},
{
"category": "external",
"summary": "2349390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349390"
},
{
"category": "external",
"summary": "2354195",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2354195"
},
{
"category": "external",
"summary": "2358493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358493"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_11749.json"
}
],
"title": "Red Hat Security Advisory: Updated 8.1 container image is now available: security and bug fix update",
"tracking": {
"current_release_date": "2026-04-08T05:01:55+00:00",
"generator": {
"date": "2026-04-08T05:01:55+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.4"
}
},
"id": "RHSA-2025:11749",
"initial_release_date": "2025-07-24T15:20:25+00:00",
"revision_history": [
{
"date": "2025-07-24T15:20:25+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-24T15:20:25+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-08T05:01:55+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ceph Storage 8.1 Tools",
"product": {
"name": "Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ceph_storage:8.1::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Ceph Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"product": {
"name": "rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"product_id": "rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/grafana-rhel9\u0026tag=11.6.2-4"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"product": {
"name": "rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"product_id": "rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.8-73"
}
}
},
{
"category": "product_version",
"name": "rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"product": {
"name": "rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"product_id": "rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/oauth2-proxy-rhel9\u0026tag=v7.6.0-33"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"product": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"product_id": "rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v3.0.0-40"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"product": {
"name": "rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"product_id": "rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-8-rhel9\u0026tag=8-511"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"product": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"product_id": "rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.22-75"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"product": {
"name": "rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"product_id": "rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-123"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"product": {
"name": "rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"product_id": "rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441?arch=arm64\u0026repository_url=registry.redhat.io/rhceph/grafana-rhel9\u0026tag=11.6.2-4"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"product": {
"name": "rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"product_id": "rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5?arch=arm64\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.8-73"
}
}
},
{
"category": "product_version",
"name": "rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"product": {
"name": "rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"product_id": "rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"product_identification_helper": {
"purl": "pkg:oci/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572?arch=arm64\u0026repository_url=registry.redhat.io/rhceph/oauth2-proxy-rhel9\u0026tag=v7.6.0-33"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"product": {
"name": "rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"product_id": "rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e?arch=arm64\u0026repository_url=registry.redhat.io/rhceph/rhceph-8-rhel9\u0026tag=8-511"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"product": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"product_id": "rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424?arch=arm64\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.22-75"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"product": {
"name": "rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"product_id": "rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6?arch=arm64\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-123"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"product": {
"name": "rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"product_id": "rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/grafana-rhel9\u0026tag=11.6.2-4"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"product": {
"name": "rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"product_id": "rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.8-73"
}
}
},
{
"category": "product_version",
"name": "rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"product": {
"name": "rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"product_id": "rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/oauth2-proxy-rhel9\u0026tag=v7.6.0-33"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"product": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"product_id": "rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v3.0.0-40"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"product": {
"name": "rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"product_id": "rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-8-rhel9\u0026tag=8-511"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"product": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"product_id": "rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.22-75"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"product": {
"name": "rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"product_id": "rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5?arch=s390x\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-123"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"product": {
"name": "rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"product_id": "rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"product_identification_helper": {
"purl": "pkg:oci/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/grafana-rhel9\u0026tag=11.6.2-4"
}
}
},
{
"category": "product_version",
"name": "rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"product": {
"name": "rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"product_id": "rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"product_identification_helper": {
"purl": "pkg:oci/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/keepalived-rhel9\u0026tag=2.2.8-73"
}
}
},
{
"category": "product_version",
"name": "rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"product": {
"name": "rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"product_id": "rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/oauth2-proxy-rhel9\u0026tag=v7.6.0-33"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"product": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"product_id": "rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-promtail-rhel9\u0026tag=v3.0.0-40"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"product": {
"name": "rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"product_id": "rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-8-rhel9\u0026tag=8-511"
}
}
},
{
"category": "product_version",
"name": "rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"product": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"product_id": "rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/rhceph-haproxy-rhel9\u0026tag=2.4.22-75"
}
}
},
{
"category": "product_version",
"name": "rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64",
"product": {
"name": "rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64",
"product_id": "rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a?arch=amd64\u0026repository_url=registry.redhat.io/rhceph/snmp-notifier-rhel9\u0026tag=1.2.1-123"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64"
},
"product_reference": "rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64"
},
"product_reference": "rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le"
},
"product_reference": "rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
},
"product_reference": "rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64"
},
"product_reference": "rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le"
},
"product_reference": "rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64"
},
"product_reference": "rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x"
},
"product_reference": "rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le"
},
"product_reference": "rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x"
},
"product_reference": "rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64"
},
"product_reference": "rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64"
},
"product_reference": "rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le"
},
"product_reference": "rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x"
},
"product_reference": "rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64"
},
"product_reference": "rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64"
},
"product_reference": "rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x"
},
"product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le"
},
"product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64"
},
"product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64"
},
"product_reference": "rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64"
},
"product_reference": "rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le"
},
"product_reference": "rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x"
},
"product_reference": "rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64"
},
"product_reference": "rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x"
},
"product_reference": "rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le"
},
"product_reference": "rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64 as a component of Red Hat Ceph Storage 8.1 Tools",
"product_id": "9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
},
"product_reference": "rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64",
"relates_to_product_reference": "9Base-RHCEPH-8.1-Tools"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-24557",
"cwe": {
"id": "CWE-494",
"name": "Download of Code Without Integrity Check"
},
"discovery_date": "2024-02-01T00:00:00+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2262352"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in github.com/moby/moby. The classic builder cache system in moby is vulnerable to cache poisoning if the image is built using a \u0027FROM scratch\u0027 in Dockerfile. This flaw allows an attacker who has knowledge of the Dockerfile to create a malicious cache that would be pulled and considered a valid cache candidate for some build steps.\r\nThis only affects one if using DOCKER_BUILDKIT=0 or using the /build API endpoint.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "moby: classic builder cache poisoning",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat rates this as a Moderate impact since attack complexity is quite high. There are multiple conditions which are required: dockerfile is configured to use a non-default setting, attacker must be aware of this information, and they must have the ability to craft a malicious cache.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"known_not_affected": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-24557"
},
{
"category": "external",
"summary": "RHBZ#2262352",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262352"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-24557",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24557"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-24557",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24557"
},
{
"category": "external",
"summary": "https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc",
"url": "https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc"
}
],
"release_date": "2024-02-01T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-24T15:20:25+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11749"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "moby: classic builder cache poisoning"
},
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"known_not_affected": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-24T15:20:25+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11749"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
},
{
"cve": "CVE-2024-53382",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2025-03-03T07:00:37.175156+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2349390"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the prism-autoloader plugin of the Prism library. The prism-autoloader plugin uses `document.currentScript` as the base URL for dynamically loading other dependencies and, in certain circumstances, can be vulnerable to a DOM Clobbering attack. This issue could lead to Cross-site scripting (XSS) attacks on web pages that embed Prism and allow users to inject scriptless HTML elements, such as an `img` tag with a controlled `name` attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "prismjs: DOM Clobbering vulnerability within the Prism library\u0027s prism-autoloader plugin",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"known_not_affected": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-53382"
},
{
"category": "external",
"summary": "RHBZ#2349390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2349390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-53382",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53382"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-53382",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53382"
},
{
"category": "external",
"summary": "https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660",
"url": "https://gist.github.com/jackfromeast/aeb128e44f05f95828a1a824708df660"
},
{
"category": "external",
"summary": "https://github.com/PrismJS/prism/blob/59e5a3471377057de1f401ba38337aca27b80e03/prism.js#L226-L259",
"url": "https://github.com/PrismJS/prism/blob/59e5a3471377057de1f401ba38337aca27b80e03/prism.js#L226-L259"
}
],
"release_date": "2025-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-24T15:20:25+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11749"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "prismjs: DOM Clobbering vulnerability within the Prism library\u0027s prism-autoloader plugin"
},
{
"cve": "CVE-2025-22865",
"cwe": {
"id": "CWE-228",
"name": "Improper Handling of Syntactically Invalid Structure"
},
"discovery_date": "2025-01-28T02:00:52.745155+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2342464"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/x509 golang library. When using ParsePKCS1PrivateKey to parse an RSA key missing the CRT values, causes a panic when verifying the key is well formed.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: ParsePKCS1PrivateKey panic with partial keys in crypto/x509",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability affects only the Go 1.24 release candidates. Red Hat products do not utilize Go 1.24, except Red Hat Ceph Storage 8 which includes a Grafana container that uses Go 1.24 and is therefore affected by this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"known_not_affected": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22865"
},
{
"category": "external",
"summary": "RHBZ#2342464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2342464"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22865",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22865"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22865",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22865"
},
{
"category": "external",
"summary": "https://go.dev/cl/643098",
"url": "https://go.dev/cl/643098"
},
{
"category": "external",
"summary": "https://go.dev/issue/71216",
"url": "https://go.dev/issue/71216"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ",
"url": "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3421",
"url": "https://pkg.go.dev/vuln/GO-2025-3421"
}
],
"release_date": "2025-01-28T01:03:25.121000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-24T15:20:25+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11749"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: ParsePKCS1PrivateKey panic with partial keys in crypto/x509"
},
{
"acknowledgments": [
{
"names": [
"jub0bs"
]
}
],
"cve": "CVE-2025-22868",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2025-02-26T04:00:44.350024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348366"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, \".\")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"known_not_affected": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "RHBZ#2348366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868"
},
{
"category": "external",
"summary": "https://go.dev/cl/652155",
"url": "https://go.dev/cl/652155"
},
{
"category": "external",
"summary": "https://go.dev/issue/71490",
"url": "https://go.dev/issue/71490"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3488",
"url": "https://pkg.go.dev/vuln/GO-2025-3488"
}
],
"release_date": "2025-02-26T03:07:49.012000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-24T15:20:25+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11749"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, it is recommended to pre-validate any payloads passed to `go-jose` to check that they do not contain an excessive amount of `.` characters.",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws"
},
{
"cve": "CVE-2025-22871",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2025-04-08T21:01:32.229479+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2358493"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling\u2014where an attacker tricks the system to send hidden or unauthorized requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Satellite is rated as Low severity for this vulnerability. However, other affected components remain Moderate. Satellite uses the affected Go net/http component solely as a client to make requests, not as a server. Since this vulnerability only affects server-side usage, Satellite is not directly exposed to the flaw, justifying the lower severity rating.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"known_not_affected": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22871"
},
{
"category": "external",
"summary": "RHBZ#2358493",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2358493"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22871",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22871"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22871",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22871"
},
{
"category": "external",
"summary": "https://go.dev/cl/652998",
"url": "https://go.dev/cl/652998"
},
{
"category": "external",
"summary": "https://go.dev/issue/71988",
"url": "https://go.dev/issue/71988"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk",
"url": "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3563",
"url": "https://pkg.go.dev/vuln/GO-2025-3563"
}
],
"release_date": "2025-04-08T20:04:34.769000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-24T15:20:25+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11749"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http"
},
{
"cve": "CVE-2025-30204",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-03-21T22:00:43.818367+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2354195"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang-jwt implementation of JSON Web Tokens (JWT). In affected versions, a malicious request with specially crafted Authorization header data may trigger an excessive consumption of resources on the host system. This issue can cause significant performance degradation or an application crash, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"known_not_affected": [
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-30204"
},
{
"category": "external",
"summary": "RHBZ#2354195",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2354195"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-30204",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30204"
},
{
"category": "external",
"summary": "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3",
"url": "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3"
},
{
"category": "external",
"summary": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp",
"url": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3553",
"url": "https://pkg.go.dev/vuln/GO-2025-3553"
}
],
"release_date": "2025-03-21T21:42:01.382000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-24T15:20:25+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/2789521\n\nFor supported configurations, refer to:\n\nhttps://access.redhat.com/articles/1548993",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:11749"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have a recommended mitigation at this time.",
"product_ids": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:31fef47dd1441ce0cd0441ea237b250726b5429238cb2571382cc30848fa0380_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:51837e438fc3cf39e58ad27f836e15d3332d4304aaee5755b2f2a0f2489ef441_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:9003f917a389ec64f27685a218eb29564065c051f709110faba83e7bfdfcb714_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/grafana-rhel9@sha256:da926514919abea81bf45f4ba3a5d7173767b606e5bd896438e8d7b06968a6b2_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:3de68bcac5976a55869bd87dfde1cada6cc2a6834fdda61b50902f011c8b4c78_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:773af3b5e9bcd759f270bba3ccc115cbf8c1a15f43542ee09790cd95ba292404_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:8f28f7954306092bef49d50b417da21503c3835de22ded897070d10a0e1149c5_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/keepalived-rhel9@sha256:b54ade655a7b29d94585cd5b5745da62df2e5a58eb03745c2750bf9ce60f381f_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:05eca5fd65e2b19aaf36f4c2f52a3cd7b993c7ad499c7fcfd685c0973d199dea_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:c328175169d0e8206d8d71cc2de53b38280e5f743a190952960390abbccf8c9c_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:ea79c446685f4c4f5df793c42ef5a07db9dc6630e5c1aa93b14e45966cb6a572_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/oauth2-proxy-rhel9@sha256:f925ae0c7b1189e6b3f78d1a93fcd89d1e8edd02e23a20408a77e3e2aeba448f_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:00cf0106a5a850538190bcb70f30bf0652b68fbcd99dd6b3208a91c17e466814_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:2f72e7bd86947922bdef6382b2c545284e58f429d43357caaefd9eb2c42617f5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:4e70ba10dc7b04b7baec7d674cdacece5b993f7333cbf91c8564e3c8db85eb5e_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-8-rhel9@sha256:adfd22a4c20f4df0923a23ffbd5b29cd51ca8d73ade88d792d0c148ed9e73e0a_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:13774aa70636acace072cbb36a20e205ee198b225f8710545273fae4ac7b6886_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:16f496f737c4904df0f3431f19de83c28086ab745b416c22a957baa105220fc4_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:41ccbd5e804918b530f3d31fd8bf33af72038ccea45a0850e57d9563b43cf424_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-haproxy-rhel9@sha256:b68745ea2b9a6efc7a63c64f6d05d5840599225c8c5120979953e2d3082b7ac9_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:12b8ad56276d7f772662069054fcd73fbb0116ba6ed54da563cc2316583df28c_amd64",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:3d82a3b6239bbcee0d77dffceecc05ca3a6d84fa13afd84104793854b4bf7c26_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/rhceph-promtail-rhel9@sha256:5cd022f4fd595c14d2c7a8fe8f6dbb188738db1e658b68063c4b6e55ab2d0509_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:37e1ba0708b3bd4297295bd0f1b12d6493b0515b607d442c5121231963b803a6_arm64",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:569cc1b32dbeb527e134757a4581e592afea89734d6fb587966d92d8f3d905b5_s390x",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:8b64aba2169d9888b3e53cd35391bc5321ac058a216925449d9ab1f374c9291a_ppc64le",
"9Base-RHCEPH-8.1-Tools:rhceph/snmp-notifier-rhel9@sha256:cb10376a2a0f6cff7e613cdc5feef7cad976b7d44c7fb0fe26a730c7050a258a_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…