rhsa-2025:16020
Vulnerability from csaf_redhat
Published
2025-09-16 20:12
Modified
2025-09-17 16:55
Summary
Red Hat Security Advisory: Red Hat Developer Hub 1.7.1 release.
Notes
Topic
Red Hat Developer Hub 1.7.1 has been released.
Details
Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Developer Hub 1.7.1 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Developer Hub (RHDH) is Red Hat\u0027s enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:16020",
"url": "https://access.redhat.com/errata/RHSA-2025:16020"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9287",
"url": "https://access.redhat.com/security/cve/CVE-2025-9287"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-9288",
"url": "https://access.redhat.com/security/cve/CVE-2025-9288"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh",
"url": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh"
},
{
"category": "external",
"summary": "https://developers.redhat.com/rhdh/overview",
"url": "https://developers.redhat.com/rhdh/overview"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_developer_hub",
"url": "https://docs.redhat.com/en/documentation/red_hat_developer_hub"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-8676",
"url": "https://issues.redhat.com/browse/RHIDP-8676"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHIDP-8682",
"url": "https://issues.redhat.com/browse/RHIDP-8682"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_16020.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Developer Hub 1.7.1 release.",
"tracking": {
"current_release_date": "2025-09-17T16:55:06+00:00",
"generator": {
"date": "2025-09-17T16:55:06+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.7"
}
},
"id": "RHSA-2025:16020",
"initial_release_date": "2025-09-16T20:12:11+00:00",
"revision_history": [
{
"date": "2025-09-16T20:12:11+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-16T20:12:18+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-17T16:55:06+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Developer Hub 1.7",
"product": {
"name": "Red Hat Developer Hub 1.7",
"product_id": "Red Hat Developer Hub 1.7",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhdh:1.7::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Developer Hub"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:34534577a381685582d880b753a44b243fdd09697c878d5fbee790f55dba3d7a_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:34534577a381685582d880b753a44b243fdd09697c878d5fbee790f55dba3d7a_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:34534577a381685582d880b753a44b243fdd09697c878d5fbee790f55dba3d7a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-hub-rhel9@sha256%3A34534577a381685582d880b753a44b243fdd09697c878d5fbee790f55dba3d7a?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.7.1-1757963043"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:affdf0b2d703d865f850e8191e7022d31b7d7f1b0196845e4fb3c0fd5ac7044d_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:affdf0b2d703d865f850e8191e7022d31b7d7f1b0196845e4fb3c0fd5ac7044d_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:affdf0b2d703d865f850e8191e7022d31b7d7f1b0196845e4fb3c0fd5ac7044d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-rhel9-operator@sha256%3Aaffdf0b2d703d865f850e8191e7022d31b7d7f1b0196845e4fb3c0fd5ac7044d?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.7.1-1757949497"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:f743970668c72ff357ebfc910ddd5110c95a39754862d74d31e108c5993c5ace_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:f743970668c72ff357ebfc910ddd5110c95a39754862d74d31e108c5993c5ace_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:f743970668c72ff357ebfc910ddd5110c95a39754862d74d31e108c5993c5ace_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-operator-bundle@sha256%3Af743970668c72ff357ebfc910ddd5110c95a39754862d74d31e108c5993c5ace?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.7.1-1757967808"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:34534577a381685582d880b753a44b243fdd09697c878d5fbee790f55dba3d7a_amd64 as a component of Red Hat Developer Hub 1.7",
"product_id": "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:34534577a381685582d880b753a44b243fdd09697c878d5fbee790f55dba3d7a_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:34534577a381685582d880b753a44b243fdd09697c878d5fbee790f55dba3d7a_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:f743970668c72ff357ebfc910ddd5110c95a39754862d74d31e108c5993c5ace_amd64 as a component of Red Hat Developer Hub 1.7",
"product_id": "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:f743970668c72ff357ebfc910ddd5110c95a39754862d74d31e108c5993c5ace_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:f743970668c72ff357ebfc910ddd5110c95a39754862d74d31e108c5993c5ace_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:affdf0b2d703d865f850e8191e7022d31b7d7f1b0196845e4fb3c0fd5ac7044d_amd64 as a component of Red Hat Developer Hub 1.7",
"product_id": "Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:affdf0b2d703d865f850e8191e7022d31b7d7f1b0196845e4fb3c0fd5ac7044d_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:affdf0b2d703d865f850e8191e7022d31b7d7f1b0196845e4fb3c0fd5ac7044d_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-9287",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2025-08-20T22:00:53.821394+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:f743970668c72ff357ebfc910ddd5110c95a39754862d74d31e108c5993c5ace_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:affdf0b2d703d865f850e8191e7022d31b7d7f1b0196845e4fb3c0fd5ac7044d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2389932"
}
],
"notes": [
{
"category": "description",
"text": "An improper input validation vulnerability was found in the cipher-base npm package. Missing input type checks in the polyfill of the Node.js `createHash` function result in invalid\u00a0value calculations,\u00a0hanging and\u00a0rewinding the\u00a0hash state, including\u00a0turning a tagged hash\u00a0into an untagged\u00a0hash, for malicious JSON-stringifyable\u00a0inputs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "cipher-base: Cipher-base hash manipulation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:34534577a381685582d880b753a44b243fdd09697c878d5fbee790f55dba3d7a_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:f743970668c72ff357ebfc910ddd5110c95a39754862d74d31e108c5993c5ace_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:affdf0b2d703d865f850e8191e7022d31b7d7f1b0196845e4fb3c0fd5ac7044d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9287"
},
{
"category": "external",
"summary": "RHBZ#2389932",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2389932"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9287"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9287",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9287"
},
{
"category": "external",
"summary": "https://github.com/browserify/cipher-base/pull/23",
"url": "https://github.com/browserify/cipher-base/pull/23"
},
{
"category": "external",
"summary": "https://github.com/browserify/cipher-base/security/advisories/GHSA-cpq7-6gpm-g9rc",
"url": "https://github.com/browserify/cipher-base/security/advisories/GHSA-cpq7-6gpm-g9rc"
}
],
"release_date": "2025-08-20T21:43:56.548000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-16T20:12:11+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:34534577a381685582d880b753a44b243fdd09697c878d5fbee790f55dba3d7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16020"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:34534577a381685582d880b753a44b243fdd09697c878d5fbee790f55dba3d7a_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:f743970668c72ff357ebfc910ddd5110c95a39754862d74d31e108c5993c5ace_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:affdf0b2d703d865f850e8191e7022d31b7d7f1b0196845e4fb3c0fd5ac7044d_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:34534577a381685582d880b753a44b243fdd09697c878d5fbee790f55dba3d7a_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:f743970668c72ff357ebfc910ddd5110c95a39754862d74d31e108c5993c5ace_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:affdf0b2d703d865f850e8191e7022d31b7d7f1b0196845e4fb3c0fd5ac7044d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "cipher-base: Cipher-base hash manipulation"
},
{
"cve": "CVE-2025-9288",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2025-08-20T23:00:56.263191+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:f743970668c72ff357ebfc910ddd5110c95a39754862d74d31e108c5993c5ace_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:affdf0b2d703d865f850e8191e7022d31b7d7f1b0196845e4fb3c0fd5ac7044d_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2389980"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in sha.js, where the hashing implementation does not perform sufficient input type validation. The .update() function accepts arbitrary objects, including those with crafted length properties, which can alter the internal state machine of the hashing process. This flaw may result in unexpected behavior such as rewinding the hash state, producing inconsistent digest outputs, or entering invalid processing loops. The issue was introduced due to the reliance on JavaScript object coercion rules rather than enforcing strict buffer or string inputs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "sha.js: Missing type checks leading to hash rewind and passing on crafted data",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability was marked as Important rather then Critical because while the lack of input type checks in sha.js allows for hash state rewinding, crafted collisions, and potential denial of service, the vulnerability requires highly specific crafted input objects that are unlikely to occur in typical real-world usage, especially since most applications pass well-formed strings or buffers to hashing functions. Moreover, the cryptographic breakages described, such as nonce reuse leading to private key extraction, are indirect and depend on downstream libraries misusing sha.js for sensitive operations without additional validation layers. As a result, the flaw significantly undermines correctness and robustness of the hashing API, but its exploitability in common production systems is constrained, which could justify viewing it as an Important vulnerability rather than a Critical one.\n\n\nThe flaw requires applications to pass attacker-controlled, non-standard JavaScript objects into hash.update(). Most real-world Node.js applications and libraries already use Buffer, TypedArray, or String inputs, which are unaffected. Furthermore, Node\u2019s built-in crypto module, which is widely adopted, enforces stricter type-checking and is not impacted. As a result, the vulnerability mainly threatens projects that (a) directly depend on sha.js for cryptographically sensitive operations, and (b) hash untrusted input without type validation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:34534577a381685582d880b753a44b243fdd09697c878d5fbee790f55dba3d7a_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:f743970668c72ff357ebfc910ddd5110c95a39754862d74d31e108c5993c5ace_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:affdf0b2d703d865f850e8191e7022d31b7d7f1b0196845e4fb3c0fd5ac7044d_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9288"
},
{
"category": "external",
"summary": "RHBZ#2389980",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2389980"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9288",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9288"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9288",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9288"
},
{
"category": "external",
"summary": "https://github.com/browserify/sha.js/pull/78",
"url": "https://github.com/browserify/sha.js/pull/78"
},
{
"category": "external",
"summary": "https://github.com/browserify/sha.js/security/advisories/GHSA-95m3-7q98-8xr5",
"url": "https://github.com/browserify/sha.js/security/advisories/GHSA-95m3-7q98-8xr5"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9287",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9287"
}
],
"release_date": "2025-08-20T21:59:44.728000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-16T20:12:11+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:34534577a381685582d880b753a44b243fdd09697c878d5fbee790f55dba3d7a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:16020"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:34534577a381685582d880b753a44b243fdd09697c878d5fbee790f55dba3d7a_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:f743970668c72ff357ebfc910ddd5110c95a39754862d74d31e108c5993c5ace_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:affdf0b2d703d865f850e8191e7022d31b7d7f1b0196845e4fb3c0fd5ac7044d_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:34534577a381685582d880b753a44b243fdd09697c878d5fbee790f55dba3d7a_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:f743970668c72ff357ebfc910ddd5110c95a39754862d74d31e108c5993c5ace_amd64",
"Red Hat Developer Hub 1.7:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:affdf0b2d703d865f850e8191e7022d31b7d7f1b0196845e4fb3c0fd5ac7044d_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "sha.js: Missing type checks leading to hash rewind and passing on crafted data"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…