rhsa-2025:21148
Vulnerability from csaf_redhat
Published
2025-11-25 02:09
Modified
2025-11-26 15:51
Summary
Red Hat Security Advisory: Red Hat build of Cryostat 4.1.0: new RHEL 9 container image security update

Notes

Topic
New Red Hat build of Cryostat 4.1.0 on RHEL 9 container images are now available.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The Cryostat 4 on RHEL 9 container images have been updated to fix several bugs.

Users of Cryostat 4 on RHEL 9 container images are advised to upgrade to these updated images, which contain backported patches to fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.

Security Fix(es):

* database/sql: Postgres Scan Race Condition (CVE-2025-47907)
* netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions (CVE-2025-58056)

You can find images updated by this advisory in the Red Hat Container Catalog (see the References section).
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "New Red Hat build of Cryostat 4.1.0 on RHEL 9 container images are now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The Cryostat 4 on RHEL 9 container images have been updated to fix several bugs.\n\nUsers of Cryostat 4 on RHEL 9 container images are advised to upgrade to these updated images, which contain backported patches to fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.\n\nSecurity Fix(es):\n\n* database/sql: Postgres Scan Race Condition (CVE-2025-47907)\n* netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions (CVE-2025-58056)\n\nYou can find images updated by this advisory in the Red Hat Container Catalog (see the References section).",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:21148",
        "url": "https://access.redhat.com/errata/RHSA-2025:21148"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2387083",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387083"
      },
      {
        "category": "external",
        "summary": "2392996",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392996"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_21148.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat build of Cryostat 4.1.0: new RHEL 9 container image security update",
    "tracking": {
      "current_release_date": "2025-11-26T15:51:11+00:00",
      "generator": {
        "date": "2025-11-26T15:51:11+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2025:21148",
      "initial_release_date": "2025-11-25T02:09:04+00:00",
      "revision_history": [
        {
          "date": "2025-11-25T02:09:04+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-11-25T02:09:04+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-26T15:51:11+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Cryostat 4 on RHEL 9",
                "product": {
                  "name": "Cryostat 4 on RHEL 9",
                  "product_id": "9Base-Cryostat-4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:cryostat:4::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Cryostat"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cryostat/cryostat-agent-init-rhel9@sha256:bbaf34588cfb337f4324c9caf2a8497610d69099291cbd573922478b7b7ee447_amd64",
                "product": {
                  "name": "cryostat/cryostat-agent-init-rhel9@sha256:bbaf34588cfb337f4324c9caf2a8497610d69099291cbd573922478b7b7ee447_amd64",
                  "product_id": "cryostat/cryostat-agent-init-rhel9@sha256:bbaf34588cfb337f4324c9caf2a8497610d69099291cbd573922478b7b7ee447_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-agent-init-rhel9@sha256:bbaf34588cfb337f4324c9caf2a8497610d69099291cbd573922478b7b7ee447?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-agent-init-rhel9\u0026tag=0.6.0-11"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-db-rhel9@sha256:17cbab7fe73eb58acb9839aac0f0cf12252807df24b1239e8524c59c4fc8e7e1_amd64",
                "product": {
                  "name": "cryostat/cryostat-db-rhel9@sha256:17cbab7fe73eb58acb9839aac0f0cf12252807df24b1239e8524c59c4fc8e7e1_amd64",
                  "product_id": "cryostat/cryostat-db-rhel9@sha256:17cbab7fe73eb58acb9839aac0f0cf12252807df24b1239e8524c59c4fc8e7e1_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-db-rhel9@sha256:17cbab7fe73eb58acb9839aac0f0cf12252807df24b1239e8524c59c4fc8e7e1?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-db-rhel9\u0026tag=4.1.0-11"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:c2e5d2779e6c54dd165e601f5238ab60b6b75cb444ccb5b28a32b8ee6cb68d9a_amd64",
                "product": {
                  "name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:c2e5d2779e6c54dd165e601f5238ab60b6b75cb444ccb5b28a32b8ee6cb68d9a_amd64",
                  "product_id": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:c2e5d2779e6c54dd165e601f5238ab60b6b75cb444ccb5b28a32b8ee6cb68d9a_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-grafana-dashboard-rhel9@sha256:c2e5d2779e6c54dd165e601f5238ab60b6b75cb444ccb5b28a32b8ee6cb68d9a?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-grafana-dashboard-rhel9\u0026tag=4.1.0-11"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:7e33533e0ff3deeccabbd5fb42a72e27947137bacae8229470e2851e1f575dee_amd64",
                "product": {
                  "name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:7e33533e0ff3deeccabbd5fb42a72e27947137bacae8229470e2851e1f575dee_amd64",
                  "product_id": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:7e33533e0ff3deeccabbd5fb42a72e27947137bacae8229470e2851e1f575dee_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-openshift-console-plugin-rhel9@sha256:7e33533e0ff3deeccabbd5fb42a72e27947137bacae8229470e2851e1f575dee?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-openshift-console-plugin-rhel9\u0026tag=4.1.0-11"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-reports-rhel9@sha256:199cef0b50b631e9a8e0190430956d2274a6b0ccd56d4a8526f26a66e52d5f66_amd64",
                "product": {
                  "name": "cryostat/cryostat-reports-rhel9@sha256:199cef0b50b631e9a8e0190430956d2274a6b0ccd56d4a8526f26a66e52d5f66_amd64",
                  "product_id": "cryostat/cryostat-reports-rhel9@sha256:199cef0b50b631e9a8e0190430956d2274a6b0ccd56d4a8526f26a66e52d5f66_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-reports-rhel9@sha256:199cef0b50b631e9a8e0190430956d2274a6b0ccd56d4a8526f26a66e52d5f66?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-reports-rhel9\u0026tag=4.1.0-11"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-rhel9@sha256:896d478190a4db75aa48f27b8924ac549e389279d0bccc55af441e3dedbcede9_amd64",
                "product": {
                  "name": "cryostat/cryostat-rhel9@sha256:896d478190a4db75aa48f27b8924ac549e389279d0bccc55af441e3dedbcede9_amd64",
                  "product_id": "cryostat/cryostat-rhel9@sha256:896d478190a4db75aa48f27b8924ac549e389279d0bccc55af441e3dedbcede9_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-rhel9@sha256:896d478190a4db75aa48f27b8924ac549e389279d0bccc55af441e3dedbcede9?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-rhel9\u0026tag=4.1.0-11"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-operator-bundle@sha256:1576edbc051949f855996b297e7f36015186ef1f883d8f8d66442011d09572c5_amd64",
                "product": {
                  "name": "cryostat/cryostat-operator-bundle@sha256:1576edbc051949f855996b297e7f36015186ef1f883d8f8d66442011d09572c5_amd64",
                  "product_id": "cryostat/cryostat-operator-bundle@sha256:1576edbc051949f855996b297e7f36015186ef1f883d8f8d66442011d09572c5_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-operator-bundle@sha256:1576edbc051949f855996b297e7f36015186ef1f883d8f8d66442011d09572c5?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-operator-bundle\u0026tag=4.1.0-11"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-rhel9-operator@sha256:eab8668b44394815a3e6ac3dfa7223660d8157bfc79e1bce9a6805f4fb9a4f9d_amd64",
                "product": {
                  "name": "cryostat/cryostat-rhel9-operator@sha256:eab8668b44394815a3e6ac3dfa7223660d8157bfc79e1bce9a6805f4fb9a4f9d_amd64",
                  "product_id": "cryostat/cryostat-rhel9-operator@sha256:eab8668b44394815a3e6ac3dfa7223660d8157bfc79e1bce9a6805f4fb9a4f9d_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-rhel9-operator@sha256:eab8668b44394815a3e6ac3dfa7223660d8157bfc79e1bce9a6805f4fb9a4f9d?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-rhel9-operator\u0026tag=4.1.0-11"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-storage-rhel9@sha256:4f111af2b04b9790e679fbcaf0b972f2cc9ffd81bff1e050e1ee16d67934b4d1_amd64",
                "product": {
                  "name": "cryostat/cryostat-storage-rhel9@sha256:4f111af2b04b9790e679fbcaf0b972f2cc9ffd81bff1e050e1ee16d67934b4d1_amd64",
                  "product_id": "cryostat/cryostat-storage-rhel9@sha256:4f111af2b04b9790e679fbcaf0b972f2cc9ffd81bff1e050e1ee16d67934b4d1_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-storage-rhel9@sha256:4f111af2b04b9790e679fbcaf0b972f2cc9ffd81bff1e050e1ee16d67934b4d1?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/cryostat-storage-rhel9\u0026tag=4.1.0-11"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/jfr-datasource-rhel9@sha256:58161e06e4ee52211100dc245d37732930d9342e067ac5e747adb752197239ee_amd64",
                "product": {
                  "name": "cryostat/jfr-datasource-rhel9@sha256:58161e06e4ee52211100dc245d37732930d9342e067ac5e747adb752197239ee_amd64",
                  "product_id": "cryostat/jfr-datasource-rhel9@sha256:58161e06e4ee52211100dc245d37732930d9342e067ac5e747adb752197239ee_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/jfr-datasource-rhel9@sha256:58161e06e4ee52211100dc245d37732930d9342e067ac5e747adb752197239ee?arch=amd64\u0026repository_url=registry.redhat.io/cryostat/jfr-datasource-rhel9\u0026tag=4.1.0-11"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cryostat/cryostat-agent-init-rhel9@sha256:6131bab8c57f7608d37771c0bbd0ba17daec52b641074ad86384a2dbbb43ddfd_arm64",
                "product": {
                  "name": "cryostat/cryostat-agent-init-rhel9@sha256:6131bab8c57f7608d37771c0bbd0ba17daec52b641074ad86384a2dbbb43ddfd_arm64",
                  "product_id": "cryostat/cryostat-agent-init-rhel9@sha256:6131bab8c57f7608d37771c0bbd0ba17daec52b641074ad86384a2dbbb43ddfd_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-agent-init-rhel9@sha256:6131bab8c57f7608d37771c0bbd0ba17daec52b641074ad86384a2dbbb43ddfd?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-agent-init-rhel9\u0026tag=0.6.0-11"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-db-rhel9@sha256:bb55018720bf3d6d84acaa9838c1784eeec9c9e087a68e269182fd1f4444c825_arm64",
                "product": {
                  "name": "cryostat/cryostat-db-rhel9@sha256:bb55018720bf3d6d84acaa9838c1784eeec9c9e087a68e269182fd1f4444c825_arm64",
                  "product_id": "cryostat/cryostat-db-rhel9@sha256:bb55018720bf3d6d84acaa9838c1784eeec9c9e087a68e269182fd1f4444c825_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-db-rhel9@sha256:bb55018720bf3d6d84acaa9838c1784eeec9c9e087a68e269182fd1f4444c825?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-db-rhel9\u0026tag=4.1.0-11"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:1a88153e3a6f9e5c50a99169cc85e6be87765958a1e5df236e48f3a1643f71ba_arm64",
                "product": {
                  "name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:1a88153e3a6f9e5c50a99169cc85e6be87765958a1e5df236e48f3a1643f71ba_arm64",
                  "product_id": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:1a88153e3a6f9e5c50a99169cc85e6be87765958a1e5df236e48f3a1643f71ba_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-grafana-dashboard-rhel9@sha256:1a88153e3a6f9e5c50a99169cc85e6be87765958a1e5df236e48f3a1643f71ba?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-grafana-dashboard-rhel9\u0026tag=4.1.0-11"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ecacef779a92182ca35c0c174cf3264855e3b7e4a842713073d26fc5e21fa99f_arm64",
                "product": {
                  "name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ecacef779a92182ca35c0c174cf3264855e3b7e4a842713073d26fc5e21fa99f_arm64",
                  "product_id": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ecacef779a92182ca35c0c174cf3264855e3b7e4a842713073d26fc5e21fa99f_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-openshift-console-plugin-rhel9@sha256:ecacef779a92182ca35c0c174cf3264855e3b7e4a842713073d26fc5e21fa99f?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-openshift-console-plugin-rhel9\u0026tag=4.1.0-11"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-reports-rhel9@sha256:f1d16268cde3d09c07461a5f9f89f1919dc0e870b49805c66b827f92a2950678_arm64",
                "product": {
                  "name": "cryostat/cryostat-reports-rhel9@sha256:f1d16268cde3d09c07461a5f9f89f1919dc0e870b49805c66b827f92a2950678_arm64",
                  "product_id": "cryostat/cryostat-reports-rhel9@sha256:f1d16268cde3d09c07461a5f9f89f1919dc0e870b49805c66b827f92a2950678_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-reports-rhel9@sha256:f1d16268cde3d09c07461a5f9f89f1919dc0e870b49805c66b827f92a2950678?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-reports-rhel9\u0026tag=4.1.0-11"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-rhel9@sha256:757af424dad995da441b5a104cf2105228aa81155b930ddecb107c8995d35002_arm64",
                "product": {
                  "name": "cryostat/cryostat-rhel9@sha256:757af424dad995da441b5a104cf2105228aa81155b930ddecb107c8995d35002_arm64",
                  "product_id": "cryostat/cryostat-rhel9@sha256:757af424dad995da441b5a104cf2105228aa81155b930ddecb107c8995d35002_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-rhel9@sha256:757af424dad995da441b5a104cf2105228aa81155b930ddecb107c8995d35002?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-rhel9\u0026tag=4.1.0-11"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-operator-bundle@sha256:cfc2970ea2ff3d0f5dbe777fd8bcb2962a3fa123aa7692c48978960aa09011c4_arm64",
                "product": {
                  "name": "cryostat/cryostat-operator-bundle@sha256:cfc2970ea2ff3d0f5dbe777fd8bcb2962a3fa123aa7692c48978960aa09011c4_arm64",
                  "product_id": "cryostat/cryostat-operator-bundle@sha256:cfc2970ea2ff3d0f5dbe777fd8bcb2962a3fa123aa7692c48978960aa09011c4_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-operator-bundle@sha256:cfc2970ea2ff3d0f5dbe777fd8bcb2962a3fa123aa7692c48978960aa09011c4?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-operator-bundle\u0026tag=4.1.0-11"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-rhel9-operator@sha256:32cacdcb0bb6f2cd20030c44d8b0f189e1f437e765cdf1c1d8d4168baaaa8986_arm64",
                "product": {
                  "name": "cryostat/cryostat-rhel9-operator@sha256:32cacdcb0bb6f2cd20030c44d8b0f189e1f437e765cdf1c1d8d4168baaaa8986_arm64",
                  "product_id": "cryostat/cryostat-rhel9-operator@sha256:32cacdcb0bb6f2cd20030c44d8b0f189e1f437e765cdf1c1d8d4168baaaa8986_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-rhel9-operator@sha256:32cacdcb0bb6f2cd20030c44d8b0f189e1f437e765cdf1c1d8d4168baaaa8986?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-rhel9-operator\u0026tag=4.1.0-11"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/cryostat-storage-rhel9@sha256:0f761afdc28f562ab3802015a077a0be8138f95dbe5bc79314fa8536d9a8ec6e_arm64",
                "product": {
                  "name": "cryostat/cryostat-storage-rhel9@sha256:0f761afdc28f562ab3802015a077a0be8138f95dbe5bc79314fa8536d9a8ec6e_arm64",
                  "product_id": "cryostat/cryostat-storage-rhel9@sha256:0f761afdc28f562ab3802015a077a0be8138f95dbe5bc79314fa8536d9a8ec6e_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cryostat-storage-rhel9@sha256:0f761afdc28f562ab3802015a077a0be8138f95dbe5bc79314fa8536d9a8ec6e?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/cryostat-storage-rhel9\u0026tag=4.1.0-11"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "cryostat/jfr-datasource-rhel9@sha256:4b57bfa593719ddd8c42e68593aef24c5bdb9fee0916dc47922e2a012ac58bd0_arm64",
                "product": {
                  "name": "cryostat/jfr-datasource-rhel9@sha256:4b57bfa593719ddd8c42e68593aef24c5bdb9fee0916dc47922e2a012ac58bd0_arm64",
                  "product_id": "cryostat/jfr-datasource-rhel9@sha256:4b57bfa593719ddd8c42e68593aef24c5bdb9fee0916dc47922e2a012ac58bd0_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/jfr-datasource-rhel9@sha256:4b57bfa593719ddd8c42e68593aef24c5bdb9fee0916dc47922e2a012ac58bd0?arch=arm64\u0026repository_url=registry.redhat.io/cryostat/jfr-datasource-rhel9\u0026tag=4.1.0-11"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-agent-init-rhel9@sha256:6131bab8c57f7608d37771c0bbd0ba17daec52b641074ad86384a2dbbb43ddfd_arm64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:6131bab8c57f7608d37771c0bbd0ba17daec52b641074ad86384a2dbbb43ddfd_arm64"
        },
        "product_reference": "cryostat/cryostat-agent-init-rhel9@sha256:6131bab8c57f7608d37771c0bbd0ba17daec52b641074ad86384a2dbbb43ddfd_arm64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-agent-init-rhel9@sha256:bbaf34588cfb337f4324c9caf2a8497610d69099291cbd573922478b7b7ee447_amd64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:bbaf34588cfb337f4324c9caf2a8497610d69099291cbd573922478b7b7ee447_amd64"
        },
        "product_reference": "cryostat/cryostat-agent-init-rhel9@sha256:bbaf34588cfb337f4324c9caf2a8497610d69099291cbd573922478b7b7ee447_amd64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-db-rhel9@sha256:17cbab7fe73eb58acb9839aac0f0cf12252807df24b1239e8524c59c4fc8e7e1_amd64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:17cbab7fe73eb58acb9839aac0f0cf12252807df24b1239e8524c59c4fc8e7e1_amd64"
        },
        "product_reference": "cryostat/cryostat-db-rhel9@sha256:17cbab7fe73eb58acb9839aac0f0cf12252807df24b1239e8524c59c4fc8e7e1_amd64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-db-rhel9@sha256:bb55018720bf3d6d84acaa9838c1784eeec9c9e087a68e269182fd1f4444c825_arm64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:bb55018720bf3d6d84acaa9838c1784eeec9c9e087a68e269182fd1f4444c825_arm64"
        },
        "product_reference": "cryostat/cryostat-db-rhel9@sha256:bb55018720bf3d6d84acaa9838c1784eeec9c9e087a68e269182fd1f4444c825_arm64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:1a88153e3a6f9e5c50a99169cc85e6be87765958a1e5df236e48f3a1643f71ba_arm64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:1a88153e3a6f9e5c50a99169cc85e6be87765958a1e5df236e48f3a1643f71ba_arm64"
        },
        "product_reference": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:1a88153e3a6f9e5c50a99169cc85e6be87765958a1e5df236e48f3a1643f71ba_arm64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:c2e5d2779e6c54dd165e601f5238ab60b6b75cb444ccb5b28a32b8ee6cb68d9a_amd64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c2e5d2779e6c54dd165e601f5238ab60b6b75cb444ccb5b28a32b8ee6cb68d9a_amd64"
        },
        "product_reference": "cryostat/cryostat-grafana-dashboard-rhel9@sha256:c2e5d2779e6c54dd165e601f5238ab60b6b75cb444ccb5b28a32b8ee6cb68d9a_amd64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:7e33533e0ff3deeccabbd5fb42a72e27947137bacae8229470e2851e1f575dee_amd64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:7e33533e0ff3deeccabbd5fb42a72e27947137bacae8229470e2851e1f575dee_amd64"
        },
        "product_reference": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:7e33533e0ff3deeccabbd5fb42a72e27947137bacae8229470e2851e1f575dee_amd64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ecacef779a92182ca35c0c174cf3264855e3b7e4a842713073d26fc5e21fa99f_arm64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ecacef779a92182ca35c0c174cf3264855e3b7e4a842713073d26fc5e21fa99f_arm64"
        },
        "product_reference": "cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ecacef779a92182ca35c0c174cf3264855e3b7e4a842713073d26fc5e21fa99f_arm64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-operator-bundle@sha256:1576edbc051949f855996b297e7f36015186ef1f883d8f8d66442011d09572c5_amd64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:1576edbc051949f855996b297e7f36015186ef1f883d8f8d66442011d09572c5_amd64"
        },
        "product_reference": "cryostat/cryostat-operator-bundle@sha256:1576edbc051949f855996b297e7f36015186ef1f883d8f8d66442011d09572c5_amd64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-operator-bundle@sha256:cfc2970ea2ff3d0f5dbe777fd8bcb2962a3fa123aa7692c48978960aa09011c4_arm64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:cfc2970ea2ff3d0f5dbe777fd8bcb2962a3fa123aa7692c48978960aa09011c4_arm64"
        },
        "product_reference": "cryostat/cryostat-operator-bundle@sha256:cfc2970ea2ff3d0f5dbe777fd8bcb2962a3fa123aa7692c48978960aa09011c4_arm64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-reports-rhel9@sha256:199cef0b50b631e9a8e0190430956d2274a6b0ccd56d4a8526f26a66e52d5f66_amd64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:199cef0b50b631e9a8e0190430956d2274a6b0ccd56d4a8526f26a66e52d5f66_amd64"
        },
        "product_reference": "cryostat/cryostat-reports-rhel9@sha256:199cef0b50b631e9a8e0190430956d2274a6b0ccd56d4a8526f26a66e52d5f66_amd64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-reports-rhel9@sha256:f1d16268cde3d09c07461a5f9f89f1919dc0e870b49805c66b827f92a2950678_arm64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:f1d16268cde3d09c07461a5f9f89f1919dc0e870b49805c66b827f92a2950678_arm64"
        },
        "product_reference": "cryostat/cryostat-reports-rhel9@sha256:f1d16268cde3d09c07461a5f9f89f1919dc0e870b49805c66b827f92a2950678_arm64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-rhel9-operator@sha256:32cacdcb0bb6f2cd20030c44d8b0f189e1f437e765cdf1c1d8d4168baaaa8986_arm64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:32cacdcb0bb6f2cd20030c44d8b0f189e1f437e765cdf1c1d8d4168baaaa8986_arm64"
        },
        "product_reference": "cryostat/cryostat-rhel9-operator@sha256:32cacdcb0bb6f2cd20030c44d8b0f189e1f437e765cdf1c1d8d4168baaaa8986_arm64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-rhel9-operator@sha256:eab8668b44394815a3e6ac3dfa7223660d8157bfc79e1bce9a6805f4fb9a4f9d_amd64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:eab8668b44394815a3e6ac3dfa7223660d8157bfc79e1bce9a6805f4fb9a4f9d_amd64"
        },
        "product_reference": "cryostat/cryostat-rhel9-operator@sha256:eab8668b44394815a3e6ac3dfa7223660d8157bfc79e1bce9a6805f4fb9a4f9d_amd64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-rhel9@sha256:757af424dad995da441b5a104cf2105228aa81155b930ddecb107c8995d35002_arm64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:757af424dad995da441b5a104cf2105228aa81155b930ddecb107c8995d35002_arm64"
        },
        "product_reference": "cryostat/cryostat-rhel9@sha256:757af424dad995da441b5a104cf2105228aa81155b930ddecb107c8995d35002_arm64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-rhel9@sha256:896d478190a4db75aa48f27b8924ac549e389279d0bccc55af441e3dedbcede9_amd64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:896d478190a4db75aa48f27b8924ac549e389279d0bccc55af441e3dedbcede9_amd64"
        },
        "product_reference": "cryostat/cryostat-rhel9@sha256:896d478190a4db75aa48f27b8924ac549e389279d0bccc55af441e3dedbcede9_amd64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-storage-rhel9@sha256:0f761afdc28f562ab3802015a077a0be8138f95dbe5bc79314fa8536d9a8ec6e_arm64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:0f761afdc28f562ab3802015a077a0be8138f95dbe5bc79314fa8536d9a8ec6e_arm64"
        },
        "product_reference": "cryostat/cryostat-storage-rhel9@sha256:0f761afdc28f562ab3802015a077a0be8138f95dbe5bc79314fa8536d9a8ec6e_arm64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/cryostat-storage-rhel9@sha256:4f111af2b04b9790e679fbcaf0b972f2cc9ffd81bff1e050e1ee16d67934b4d1_amd64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4f111af2b04b9790e679fbcaf0b972f2cc9ffd81bff1e050e1ee16d67934b4d1_amd64"
        },
        "product_reference": "cryostat/cryostat-storage-rhel9@sha256:4f111af2b04b9790e679fbcaf0b972f2cc9ffd81bff1e050e1ee16d67934b4d1_amd64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/jfr-datasource-rhel9@sha256:4b57bfa593719ddd8c42e68593aef24c5bdb9fee0916dc47922e2a012ac58bd0_arm64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:4b57bfa593719ddd8c42e68593aef24c5bdb9fee0916dc47922e2a012ac58bd0_arm64"
        },
        "product_reference": "cryostat/jfr-datasource-rhel9@sha256:4b57bfa593719ddd8c42e68593aef24c5bdb9fee0916dc47922e2a012ac58bd0_arm64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cryostat/jfr-datasource-rhel9@sha256:58161e06e4ee52211100dc245d37732930d9342e067ac5e747adb752197239ee_amd64 as a component of Cryostat 4 on RHEL 9",
          "product_id": "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:58161e06e4ee52211100dc245d37732930d9342e067ac5e747adb752197239ee_amd64"
        },
        "product_reference": "cryostat/jfr-datasource-rhel9@sha256:58161e06e4ee52211100dc245d37732930d9342e067ac5e747adb752197239ee_amd64",
        "relates_to_product_reference": "9Base-Cryostat-4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-47907",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "discovery_date": "2025-08-07T16:01:06.247481+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2387083"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leading to inconsistent data being returned to the application.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "database/sql: Postgres Scan Race Condition",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is marked as a Moderate severity issue rather than Important. The os/exec LookPath flaw requires a misconfigured PATH to be exploitable, and the database/sql race condition primarily impacts applications that cancel queries while running multiple queries concurrently. Both can cause unexpected behavior, but the exploitation scope is limited and unlikely to result in direct compromise in most typical deployments.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nRed Hat enforces the principle of least functionality, ensuring that only essential features, services, and ports are enabled. The environment leverages malicious code protections such as IPS/IDS and antimalware solutions that detect and respond to indicators in real time, limiting the impact of exploitation attempts. Static code analysis and peer code review techniques are used to execute robust input validation and error-handling mechanisms to ensure all user inputs are thoroughly validated, preventing improperly validated inputs from causing system instability, exposing sensitive data, or escalating risks. In the case of successful exploitation, detection and containment controls are in place to limit impacts by alerting on anomalous system behavior in real time, while process isolation and automated orchestration via Kubernetes minimize the likelihood of concurrent execution scenarios that would trigger the race condition and help contain the impact to a single process.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:6131bab8c57f7608d37771c0bbd0ba17daec52b641074ad86384a2dbbb43ddfd_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:bbaf34588cfb337f4324c9caf2a8497610d69099291cbd573922478b7b7ee447_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:17cbab7fe73eb58acb9839aac0f0cf12252807df24b1239e8524c59c4fc8e7e1_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:bb55018720bf3d6d84acaa9838c1784eeec9c9e087a68e269182fd1f4444c825_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:1a88153e3a6f9e5c50a99169cc85e6be87765958a1e5df236e48f3a1643f71ba_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c2e5d2779e6c54dd165e601f5238ab60b6b75cb444ccb5b28a32b8ee6cb68d9a_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:7e33533e0ff3deeccabbd5fb42a72e27947137bacae8229470e2851e1f575dee_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ecacef779a92182ca35c0c174cf3264855e3b7e4a842713073d26fc5e21fa99f_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:1576edbc051949f855996b297e7f36015186ef1f883d8f8d66442011d09572c5_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:cfc2970ea2ff3d0f5dbe777fd8bcb2962a3fa123aa7692c48978960aa09011c4_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:199cef0b50b631e9a8e0190430956d2274a6b0ccd56d4a8526f26a66e52d5f66_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:f1d16268cde3d09c07461a5f9f89f1919dc0e870b49805c66b827f92a2950678_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:32cacdcb0bb6f2cd20030c44d8b0f189e1f437e765cdf1c1d8d4168baaaa8986_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:eab8668b44394815a3e6ac3dfa7223660d8157bfc79e1bce9a6805f4fb9a4f9d_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:757af424dad995da441b5a104cf2105228aa81155b930ddecb107c8995d35002_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:896d478190a4db75aa48f27b8924ac549e389279d0bccc55af441e3dedbcede9_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:0f761afdc28f562ab3802015a077a0be8138f95dbe5bc79314fa8536d9a8ec6e_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4f111af2b04b9790e679fbcaf0b972f2cc9ffd81bff1e050e1ee16d67934b4d1_amd64",
          "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:4b57bfa593719ddd8c42e68593aef24c5bdb9fee0916dc47922e2a012ac58bd0_arm64",
          "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:58161e06e4ee52211100dc245d37732930d9342e067ac5e747adb752197239ee_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-47907"
        },
        {
          "category": "external",
          "summary": "RHBZ#2387083",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2387083"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-47907",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-47907"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/693735",
          "url": "https://go.dev/cl/693735"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/74831",
          "url": "https://go.dev/issue/74831"
        },
        {
          "category": "external",
          "summary": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM",
          "url": "https://groups.google.com/g/golang-announce/c/x5MKroML2yM"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2025-3849",
          "url": "https://pkg.go.dev/vuln/GO-2025-3849"
        }
      ],
      "release_date": "2025-08-07T15:25:30.704000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-25T02:09:04+00:00",
          "details": "You can download the Cryostat 4 on RHEL 9 container images that this update provides from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available in the Red Hat Container Catalog (see the References section).\n\nDockerfiles and scripts should be amended to refer to this new image specifically or to the latest image generally.",
          "product_ids": [
            "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:6131bab8c57f7608d37771c0bbd0ba17daec52b641074ad86384a2dbbb43ddfd_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:bbaf34588cfb337f4324c9caf2a8497610d69099291cbd573922478b7b7ee447_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:17cbab7fe73eb58acb9839aac0f0cf12252807df24b1239e8524c59c4fc8e7e1_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:bb55018720bf3d6d84acaa9838c1784eeec9c9e087a68e269182fd1f4444c825_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:1a88153e3a6f9e5c50a99169cc85e6be87765958a1e5df236e48f3a1643f71ba_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c2e5d2779e6c54dd165e601f5238ab60b6b75cb444ccb5b28a32b8ee6cb68d9a_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:7e33533e0ff3deeccabbd5fb42a72e27947137bacae8229470e2851e1f575dee_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ecacef779a92182ca35c0c174cf3264855e3b7e4a842713073d26fc5e21fa99f_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:1576edbc051949f855996b297e7f36015186ef1f883d8f8d66442011d09572c5_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:cfc2970ea2ff3d0f5dbe777fd8bcb2962a3fa123aa7692c48978960aa09011c4_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:199cef0b50b631e9a8e0190430956d2274a6b0ccd56d4a8526f26a66e52d5f66_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:f1d16268cde3d09c07461a5f9f89f1919dc0e870b49805c66b827f92a2950678_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:32cacdcb0bb6f2cd20030c44d8b0f189e1f437e765cdf1c1d8d4168baaaa8986_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:eab8668b44394815a3e6ac3dfa7223660d8157bfc79e1bce9a6805f4fb9a4f9d_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:757af424dad995da441b5a104cf2105228aa81155b930ddecb107c8995d35002_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:896d478190a4db75aa48f27b8924ac549e389279d0bccc55af441e3dedbcede9_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:0f761afdc28f562ab3802015a077a0be8138f95dbe5bc79314fa8536d9a8ec6e_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4f111af2b04b9790e679fbcaf0b972f2cc9ffd81bff1e050e1ee16d67934b4d1_amd64",
            "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:4b57bfa593719ddd8c42e68593aef24c5bdb9fee0916dc47922e2a012ac58bd0_arm64",
            "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:58161e06e4ee52211100dc245d37732930d9342e067ac5e747adb752197239ee_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:21148"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:6131bab8c57f7608d37771c0bbd0ba17daec52b641074ad86384a2dbbb43ddfd_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:bbaf34588cfb337f4324c9caf2a8497610d69099291cbd573922478b7b7ee447_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:17cbab7fe73eb58acb9839aac0f0cf12252807df24b1239e8524c59c4fc8e7e1_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:bb55018720bf3d6d84acaa9838c1784eeec9c9e087a68e269182fd1f4444c825_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:1a88153e3a6f9e5c50a99169cc85e6be87765958a1e5df236e48f3a1643f71ba_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c2e5d2779e6c54dd165e601f5238ab60b6b75cb444ccb5b28a32b8ee6cb68d9a_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:7e33533e0ff3deeccabbd5fb42a72e27947137bacae8229470e2851e1f575dee_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ecacef779a92182ca35c0c174cf3264855e3b7e4a842713073d26fc5e21fa99f_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:1576edbc051949f855996b297e7f36015186ef1f883d8f8d66442011d09572c5_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:cfc2970ea2ff3d0f5dbe777fd8bcb2962a3fa123aa7692c48978960aa09011c4_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:199cef0b50b631e9a8e0190430956d2274a6b0ccd56d4a8526f26a66e52d5f66_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:f1d16268cde3d09c07461a5f9f89f1919dc0e870b49805c66b827f92a2950678_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:32cacdcb0bb6f2cd20030c44d8b0f189e1f437e765cdf1c1d8d4168baaaa8986_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:eab8668b44394815a3e6ac3dfa7223660d8157bfc79e1bce9a6805f4fb9a4f9d_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:757af424dad995da441b5a104cf2105228aa81155b930ddecb107c8995d35002_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:896d478190a4db75aa48f27b8924ac549e389279d0bccc55af441e3dedbcede9_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:0f761afdc28f562ab3802015a077a0be8138f95dbe5bc79314fa8536d9a8ec6e_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4f111af2b04b9790e679fbcaf0b972f2cc9ffd81bff1e050e1ee16d67934b4d1_amd64",
            "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:4b57bfa593719ddd8c42e68593aef24c5bdb9fee0916dc47922e2a012ac58bd0_arm64",
            "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:58161e06e4ee52211100dc245d37732930d9342e067ac5e747adb752197239ee_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "database/sql: Postgres Scan Race Condition"
    },
    {
      "cve": "CVE-2025-58056",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "discovery_date": "2025-09-03T21:01:22.935850+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2392996"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw in Netty\u2019s HTTP/1.1 chunked encoding parser allows newline (LF) characters in chunk extensions to be incorrectly treated as the end of the chunk-size line instead of requiring the proper CRLF sequence. This discrepancy can be exploited in rare cases where a reverse proxy interprets the same input differently, potentially enabling HTTP request smuggling attacks such as bypassing access controls or corrupting responses.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue is considered Moderate rather than Important because successful exploitation depends on a very specific deployment condition: the presence of an intermediary reverse proxy that both mishandles lone LF characters in chunk extensions and forwards them unmodified to Netty. By itself, Netty\u2019s parsing quirk does not introduce risk, and in most real-world environments, reverse proxies normalize or reject malformed chunked requests, preventing smuggling. As a result, the vulnerability has limited reach, requires a niche configuration to be exploitable, and does not universally expose Netty-based servers to request smuggling\u2014hence it is rated moderate in severity rather than important or critical.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successfully exploiting a CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027) vulnerability and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nThe platform uses secure, encrypted HTTPS connections over TLS 1.2 to reduce the risk of smuggling attacks by preventing the injection of ambiguous or malformed requests between components. The environment employs IPS/IDS and antimalware solutions to detect and block malicious code while ensuring consistent interpretation of HTTP requests across network layers, mitigating request/response inconsistencies. Event logs are collected and analyzed for centralization, correlation, monitoring, alerting, and retention, enabling the detection of malformed or suspicious HTTP traffic. Static code analysis and peer reviews enforce strong input validation and error handling to ensure all user inputs adhere to HTTP protocol specifications.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:6131bab8c57f7608d37771c0bbd0ba17daec52b641074ad86384a2dbbb43ddfd_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:bbaf34588cfb337f4324c9caf2a8497610d69099291cbd573922478b7b7ee447_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:17cbab7fe73eb58acb9839aac0f0cf12252807df24b1239e8524c59c4fc8e7e1_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:bb55018720bf3d6d84acaa9838c1784eeec9c9e087a68e269182fd1f4444c825_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:1a88153e3a6f9e5c50a99169cc85e6be87765958a1e5df236e48f3a1643f71ba_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c2e5d2779e6c54dd165e601f5238ab60b6b75cb444ccb5b28a32b8ee6cb68d9a_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:7e33533e0ff3deeccabbd5fb42a72e27947137bacae8229470e2851e1f575dee_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ecacef779a92182ca35c0c174cf3264855e3b7e4a842713073d26fc5e21fa99f_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:1576edbc051949f855996b297e7f36015186ef1f883d8f8d66442011d09572c5_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:cfc2970ea2ff3d0f5dbe777fd8bcb2962a3fa123aa7692c48978960aa09011c4_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:199cef0b50b631e9a8e0190430956d2274a6b0ccd56d4a8526f26a66e52d5f66_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:f1d16268cde3d09c07461a5f9f89f1919dc0e870b49805c66b827f92a2950678_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:32cacdcb0bb6f2cd20030c44d8b0f189e1f437e765cdf1c1d8d4168baaaa8986_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:eab8668b44394815a3e6ac3dfa7223660d8157bfc79e1bce9a6805f4fb9a4f9d_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:757af424dad995da441b5a104cf2105228aa81155b930ddecb107c8995d35002_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:896d478190a4db75aa48f27b8924ac549e389279d0bccc55af441e3dedbcede9_amd64",
          "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:0f761afdc28f562ab3802015a077a0be8138f95dbe5bc79314fa8536d9a8ec6e_arm64",
          "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4f111af2b04b9790e679fbcaf0b972f2cc9ffd81bff1e050e1ee16d67934b4d1_amd64",
          "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:4b57bfa593719ddd8c42e68593aef24c5bdb9fee0916dc47922e2a012ac58bd0_arm64",
          "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:58161e06e4ee52211100dc245d37732930d9342e067ac5e747adb752197239ee_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-58056"
        },
        {
          "category": "external",
          "summary": "RHBZ#2392996",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392996"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-58056",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-58056"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-58056",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58056"
        },
        {
          "category": "external",
          "summary": "https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding",
          "url": "https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding"
        },
        {
          "category": "external",
          "summary": "https://github.com/JLLeitschuh/unCVEed/issues/1",
          "url": "https://github.com/JLLeitschuh/unCVEed/issues/1"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284",
          "url": "https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/issues/15522",
          "url": "https://github.com/netty/netty/issues/15522"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/pull/15611",
          "url": "https://github.com/netty/netty/pull/15611"
        },
        {
          "category": "external",
          "summary": "https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49",
          "url": "https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49"
        },
        {
          "category": "external",
          "summary": "https://w4ke.info/2025/06/18/funky-chunks.html",
          "url": "https://w4ke.info/2025/06/18/funky-chunks.html"
        }
      ],
      "release_date": "2025-09-03T20:56:50.732000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-11-25T02:09:04+00:00",
          "details": "You can download the Cryostat 4 on RHEL 9 container images that this update provides from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available in the Red Hat Container Catalog (see the References section).\n\nDockerfiles and scripts should be amended to refer to this new image specifically or to the latest image generally.",
          "product_ids": [
            "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:6131bab8c57f7608d37771c0bbd0ba17daec52b641074ad86384a2dbbb43ddfd_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:bbaf34588cfb337f4324c9caf2a8497610d69099291cbd573922478b7b7ee447_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:17cbab7fe73eb58acb9839aac0f0cf12252807df24b1239e8524c59c4fc8e7e1_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:bb55018720bf3d6d84acaa9838c1784eeec9c9e087a68e269182fd1f4444c825_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:1a88153e3a6f9e5c50a99169cc85e6be87765958a1e5df236e48f3a1643f71ba_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c2e5d2779e6c54dd165e601f5238ab60b6b75cb444ccb5b28a32b8ee6cb68d9a_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:7e33533e0ff3deeccabbd5fb42a72e27947137bacae8229470e2851e1f575dee_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ecacef779a92182ca35c0c174cf3264855e3b7e4a842713073d26fc5e21fa99f_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:1576edbc051949f855996b297e7f36015186ef1f883d8f8d66442011d09572c5_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:cfc2970ea2ff3d0f5dbe777fd8bcb2962a3fa123aa7692c48978960aa09011c4_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:199cef0b50b631e9a8e0190430956d2274a6b0ccd56d4a8526f26a66e52d5f66_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:f1d16268cde3d09c07461a5f9f89f1919dc0e870b49805c66b827f92a2950678_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:32cacdcb0bb6f2cd20030c44d8b0f189e1f437e765cdf1c1d8d4168baaaa8986_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:eab8668b44394815a3e6ac3dfa7223660d8157bfc79e1bce9a6805f4fb9a4f9d_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:757af424dad995da441b5a104cf2105228aa81155b930ddecb107c8995d35002_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:896d478190a4db75aa48f27b8924ac549e389279d0bccc55af441e3dedbcede9_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:0f761afdc28f562ab3802015a077a0be8138f95dbe5bc79314fa8536d9a8ec6e_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4f111af2b04b9790e679fbcaf0b972f2cc9ffd81bff1e050e1ee16d67934b4d1_amd64",
            "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:4b57bfa593719ddd8c42e68593aef24c5bdb9fee0916dc47922e2a012ac58bd0_arm64",
            "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:58161e06e4ee52211100dc245d37732930d9342e067ac5e747adb752197239ee_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:21148"
        },
        {
          "category": "workaround",
          "details": "To mitigate this issue, enforce strict RFC compliance on all front-end proxies and load balancers so that lone LF characters in chunk extensions are rejected or normalized before being forwarded. Additionally, configure input validation at the application or proxy layer to block malformed chunked requests, ensuring consistent parsing across all components in the request path.",
          "product_ids": [
            "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:6131bab8c57f7608d37771c0bbd0ba17daec52b641074ad86384a2dbbb43ddfd_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:bbaf34588cfb337f4324c9caf2a8497610d69099291cbd573922478b7b7ee447_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:17cbab7fe73eb58acb9839aac0f0cf12252807df24b1239e8524c59c4fc8e7e1_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:bb55018720bf3d6d84acaa9838c1784eeec9c9e087a68e269182fd1f4444c825_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:1a88153e3a6f9e5c50a99169cc85e6be87765958a1e5df236e48f3a1643f71ba_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c2e5d2779e6c54dd165e601f5238ab60b6b75cb444ccb5b28a32b8ee6cb68d9a_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:7e33533e0ff3deeccabbd5fb42a72e27947137bacae8229470e2851e1f575dee_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ecacef779a92182ca35c0c174cf3264855e3b7e4a842713073d26fc5e21fa99f_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:1576edbc051949f855996b297e7f36015186ef1f883d8f8d66442011d09572c5_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:cfc2970ea2ff3d0f5dbe777fd8bcb2962a3fa123aa7692c48978960aa09011c4_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:199cef0b50b631e9a8e0190430956d2274a6b0ccd56d4a8526f26a66e52d5f66_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:f1d16268cde3d09c07461a5f9f89f1919dc0e870b49805c66b827f92a2950678_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:32cacdcb0bb6f2cd20030c44d8b0f189e1f437e765cdf1c1d8d4168baaaa8986_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:eab8668b44394815a3e6ac3dfa7223660d8157bfc79e1bce9a6805f4fb9a4f9d_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:757af424dad995da441b5a104cf2105228aa81155b930ddecb107c8995d35002_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:896d478190a4db75aa48f27b8924ac549e389279d0bccc55af441e3dedbcede9_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:0f761afdc28f562ab3802015a077a0be8138f95dbe5bc79314fa8536d9a8ec6e_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4f111af2b04b9790e679fbcaf0b972f2cc9ffd81bff1e050e1ee16d67934b4d1_amd64",
            "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:4b57bfa593719ddd8c42e68593aef24c5bdb9fee0916dc47922e2a012ac58bd0_arm64",
            "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:58161e06e4ee52211100dc245d37732930d9342e067ac5e747adb752197239ee_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:6131bab8c57f7608d37771c0bbd0ba17daec52b641074ad86384a2dbbb43ddfd_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-agent-init-rhel9@sha256:bbaf34588cfb337f4324c9caf2a8497610d69099291cbd573922478b7b7ee447_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:17cbab7fe73eb58acb9839aac0f0cf12252807df24b1239e8524c59c4fc8e7e1_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-db-rhel9@sha256:bb55018720bf3d6d84acaa9838c1784eeec9c9e087a68e269182fd1f4444c825_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:1a88153e3a6f9e5c50a99169cc85e6be87765958a1e5df236e48f3a1643f71ba_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-grafana-dashboard-rhel9@sha256:c2e5d2779e6c54dd165e601f5238ab60b6b75cb444ccb5b28a32b8ee6cb68d9a_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:7e33533e0ff3deeccabbd5fb42a72e27947137bacae8229470e2851e1f575dee_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-openshift-console-plugin-rhel9@sha256:ecacef779a92182ca35c0c174cf3264855e3b7e4a842713073d26fc5e21fa99f_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:1576edbc051949f855996b297e7f36015186ef1f883d8f8d66442011d09572c5_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-operator-bundle@sha256:cfc2970ea2ff3d0f5dbe777fd8bcb2962a3fa123aa7692c48978960aa09011c4_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:199cef0b50b631e9a8e0190430956d2274a6b0ccd56d4a8526f26a66e52d5f66_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-reports-rhel9@sha256:f1d16268cde3d09c07461a5f9f89f1919dc0e870b49805c66b827f92a2950678_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:32cacdcb0bb6f2cd20030c44d8b0f189e1f437e765cdf1c1d8d4168baaaa8986_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9-operator@sha256:eab8668b44394815a3e6ac3dfa7223660d8157bfc79e1bce9a6805f4fb9a4f9d_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:757af424dad995da441b5a104cf2105228aa81155b930ddecb107c8995d35002_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-rhel9@sha256:896d478190a4db75aa48f27b8924ac549e389279d0bccc55af441e3dedbcede9_amd64",
            "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:0f761afdc28f562ab3802015a077a0be8138f95dbe5bc79314fa8536d9a8ec6e_arm64",
            "9Base-Cryostat-4:cryostat/cryostat-storage-rhel9@sha256:4f111af2b04b9790e679fbcaf0b972f2cc9ffd81bff1e050e1ee16d67934b4d1_amd64",
            "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:4b57bfa593719ddd8c42e68593aef24c5bdb9fee0916dc47922e2a012ac58bd0_arm64",
            "9Base-Cryostat-4:cryostat/jfr-datasource-rhel9@sha256:58161e06e4ee52211100dc245d37732930d9342e067ac5e747adb752197239ee_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "netty-codec-http: Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions"
    }
  ]
}

