RHSA-2026:3406

Vulnerability from csaf_redhat - Published: 2026-02-26 07:14 - Updated: 2026-03-26 23:13
Summary
Red Hat Security Advisory: New container image: rhceph-9.0
Severity
Important
Notes
Topic: A new version of Red Hat build of Ceph Storage has been released
Details: The Red Hat Storage Ceph container images are based on the latest ubi9 base image and Ceph 9.0. This release updates to the latest version.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

The taffydb npm module, in all versions up to and including 2.7.3, allows attackers to forge the internal index by adding additional properties to user input processed by taffy, which can allow access to any data item in the DB. taffy sets an internal index for each data item in its DB. However, this internal index can be forged by adding additional properties to user input. If an index is found in the query, taffyDB ignores the other query conditions and directly returns the indexed data item. Moreover, the internal index has an easily guessable format (e.g., T000002R000001). As such, attackers can use this vulnerability to access any data item in the DB.

Vendor Fix: The container images provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io using the "podman pull" command. https://access.redhat.com/errata/RHSA-2026:3406

A flaw was found in nodejs-underscore. Arbitrary code execution via the template function is possible, particularly when a variable property is passed as an argument as it is not sanitized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CWE-94 - Improper Control of Generation of Code ('Code Injection')
Vendor Fix: The container images provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io using the "podman pull" command. https://access.redhat.com/errata/RHSA-2026:3406

A flaw was found in the golang-jwt package. Unclear documentation of the error behavior in `ParseWithClaims` can lead to a situation where users do not check errors the way they should. In particular, if a token is both expired and invalid, the error returned by `ParseWithClaims` carries both error codes. If users only check for `jwt.ErrTokenExpired` using `errors.Is`, they can miss the embedded `jwt.ErrTokenSignatureInvalid` and thus potentially accept invalid tokens.

CWE-755 - Improper Handling of Exceptional Conditions
Vendor Fix: The container images provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io using the "podman pull" command. https://access.redhat.com/errata/RHSA-2026:3406

A flaw was found in nanoid. Affected versions of nanoid mishandle non-integer values. When nanoid is called with a fractional value, there are a number of undesirable effects:
- In browser and non-secure, the code loops infinitely on `while (size--)`.
- In node, the value of poolOffset becomes fractional, causing calls to nanoid to return zeroes until the pool is next filled: when i is initialized to poolOffset, pool[i] & 63 -> undefined & 63 -> 0.
- If the first call in node is a fractional argument, the initial buffer allocation fails with an error.
The highest impact of this issue is system availability.

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Vendor Fix: The container images provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io using the "podman pull" command. https://access.redhat.com/errata/RHSA-2026:3406

Scrapy is vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occurs because brotli can achieve extremely high compression ratios for zero-filled data, leading to excessive memory consumption during decompression.

CWE-400 - Uncontrolled Resource Consumption
Vendor Fix: The container images provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io using the "podman pull" command. https://access.redhat.com/errata/RHSA-2026:3406
Workaround: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

A vulnerability related to predictable random number generation has been discovered in the form-data JavaScript library. The library utilizes Math.random() to determine boundary values for multipart form-encoded data. This presents a security risk if an attacker can observe other values generated by Math.random() within the target application and simultaneously control at least one field of a request made using form-data. Under these conditions, the attacker could potentially predict or determine the boundary values. This predictability could be leveraged to bypass security controls, manipulate form data, or potentially lead to data integrity issues or other forms of exploitation.

CWE-330 - Use of Insufficiently Random Values
Vendor Fix: The container images provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io using the "podman pull" command. https://access.redhat.com/errata/RHSA-2026:3406
Workaround: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.

CWE-125 - Out-of-bounds Read
Vendor Fix: The container images provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io using the "podman pull" command. https://access.redhat.com/errata/RHSA-2026:3406
Workaround: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

A flaw was found in the token parsing component of the `golang.org/x/oauth2/jws` package. The package uses `strings.Split(token, ".")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this by sending numerous malformed tokens, triggering memory exhaustion and a Denial of Service.

CWE-1286 - Improper Validation of Syntactic Correctness of Input
Vendor Fix: The container images provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io using the "podman pull" command. https://access.redhat.com/errata/RHSA-2026:3406
Workaround: To mitigate this vulnerability, it is recommended to pre-validate any payloads passed to `go-jose` to check that they do not contain an excessive amount of `.` characters.

A flaw was found in DOMPurify. This vulnerability allows attackers to execute mutation-based Cross-site scripting (mXSS) via an incorrect template literal regular expression.

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Vendor Fix: The container images provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io using the "podman pull" command. https://access.redhat.com/errata/RHSA-2026:3406

A flaw was found in the urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.

CWE-770 - Allocation of Resources Without Limits or Throttling
Vendor Fix: The container images provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io using the "podman pull" command. https://access.redhat.com/errata/RHSA-2026:3406

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data; CWE-409) on the client side, even if the application only requested a small chunk of data.

CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)
Vendor Fix: The container images provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io using the "podman pull" command. https://access.redhat.com/errata/RHSA-2026:3406
Workaround: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` and do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode the content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted sources.

CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)
Vendor Fix: The container images provided by this update can be downloaded from the Red Hat container registry at registry.redhat.io using the "podman pull" command. https://access.redhat.com/errata/RHSA-2026:3406
References
https://access.redhat.com/errata/RHSA-2026:3406 self
https://access.redhat.com/security/cve/CVE-2019-10790 external
https://access.redhat.com/security/cve/CVE-2021-23358 external
https://access.redhat.com/security/cve/CVE-2024-51744 external
https://access.redhat.com/security/cve/CVE-2024-55565 external
https://access.redhat.com/security/cve/CVE-2025-14104 external
https://access.redhat.com/security/cve/CVE-2025-22868 external
https://access.redhat.com/security/cve/CVE-2025-26791 external
https://access.redhat.com/security/cve/CVE-2025-6176 external
https://access.redhat.com/security/cve/CVE-2025-66418 external
https://access.redhat.com/security/cve/CVE-2025-66471 external
https://access.redhat.com/security/cve/CVE-2025-7783 external
https://access.redhat.com/security/cve/CVE-2026-21441 external
https://access.redhat.com/security/updates/classi… external
https://bugzilla.redhat.com/show_bug.cgi?id=2408762 external
https://bugzilla.redhat.com/show_bug.cgi?id=2419369 external
https://bugzilla.redhat.com/show_bug.cgi?id=2419455 external
https://bugzilla.redhat.com/show_bug.cgi?id=2419467 external
https://bugzilla.redhat.com/show_bug.cgi?id=2427726 external
https://docs.redhat.com/en/documentation/red_hat_… external
https://issues.redhat.com/browse/RHCEPH-12073 external
https://issues.redhat.com/browse/RHCEPH-12075 external
https://issues.redhat.com/browse/RHCEPH-12417 external
https://issues.redhat.com/browse/RHCEPH-12470 external
https://issues.redhat.com/browse/RHCEPH-12508 external
https://issues.redhat.com/browse/RHCEPH-12555 external
https://issues.redhat.com/browse/RHCEPH-12558 external
https://issues.redhat.com/browse/RHCEPH-12577 external
https://security.access.redhat.com/data/csaf/v2/a… self
https://access.redhat.com/security/cve/CVE-2019-10790 self
https://bugzilla.redhat.com/show_bug.cgi?id=2389970 external
https://www.cve.org/CVERecord?id=CVE-2019-10790 external
https://nvd.nist.gov/vuln/detail/CVE-2019-10790 external
https://security.snyk.io/vuln/SNYK-JS-TAFFYDB-2992450 external
https://snyk.io/vuln/SNYK-JS-TAFFY-546521 external
https://www.usenix.org/system/files/sec21-xiao.pdf external
https://access.redhat.com/security/cve/CVE-2021-23358 self
https://bugzilla.redhat.com/show_bug.cgi?id=1944286 external
https://www.cve.org/CVERecord?id=CVE-2021-23358 external
https://nvd.nist.gov/vuln/detail/CVE-2021-23358 external
https://access.redhat.com/security/cve/CVE-2024-51744 self
https://bugzilla.redhat.com/show_bug.cgi?id=2323735 external
https://www.cve.org/CVERecord?id=CVE-2024-51744 external
https://nvd.nist.gov/vuln/detail/CVE-2024-51744 external
https://github.com/golang-jwt/jwt/commit/7b1c1c00… external
https://github.com/golang-jwt/jwt/security/adviso… external
https://access.redhat.com/security/cve/CVE-2024-55565 self
https://bugzilla.redhat.com/show_bug.cgi?id=2331063 external
https://www.cve.org/CVERecord?id=CVE-2024-55565 external
https://nvd.nist.gov/vuln/detail/CVE-2024-55565 external
https://github.com/ai/nanoid/compare/3.3.7...3.3.8 external
https://github.com/ai/nanoid/pull/510 external
https://github.com/ai/nanoid/releases/tag/5.0.9 external
https://access.redhat.com/security/cve/CVE-2025-6176 self
https://bugzilla.redhat.com/show_bug.cgi?id=2408762 external
https://www.cve.org/CVERecord?id=CVE-2025-6176 external
https://nvd.nist.gov/vuln/detail/CVE-2025-6176 external
https://huntr.com/bounties/2c26a886-5984-47ee-a42… external
https://access.redhat.com/security/cve/CVE-2025-7783 self
https://bugzilla.redhat.com/show_bug.cgi?id=2381959 external
https://www.cve.org/CVERecord?id=CVE-2025-7783 external
https://nvd.nist.gov/vuln/detail/CVE-2025-7783 external
https://github.com/form-data/form-data/commit/3d1… external
https://github.com/form-data/form-data/security/a… external
https://access.redhat.com/security/cve/CVE-2025-14104 self
https://bugzilla.redhat.com/show_bug.cgi?id=2419369 external
https://www.cve.org/CVERecord?id=CVE-2025-14104 external
https://nvd.nist.gov/vuln/detail/CVE-2025-14104 external
https://access.redhat.com/security/cve/CVE-2025-22868 self
https://bugzilla.redhat.com/show_bug.cgi?id=2348366 external
https://www.cve.org/CVERecord?id=CVE-2025-22868 external
https://nvd.nist.gov/vuln/detail/CVE-2025-22868 external
https://go.dev/cl/652155 external
https://go.dev/issue/71490 external
https://pkg.go.dev/vuln/GO-2025-3488 external
https://access.redhat.com/security/cve/CVE-2025-26791 self
https://bugzilla.redhat.com/show_bug.cgi?id=2345695 external
https://www.cve.org/CVERecord?id=CVE-2025-26791 external
https://nvd.nist.gov/vuln/detail/CVE-2025-26791 external
https://ensy.zip/posts/dompurify-323-bypass/ external
https://github.com/cure53/DOMPurify/commit/d18ffc… external
https://github.com/cure53/DOMPurify/releases/tag/3.2.4 external
https://nsysean.github.io/posts/dompurify-323-bypass/ external
https://access.redhat.com/security/cve/CVE-2025-66418 self
https://bugzilla.redhat.com/show_bug.cgi?id=2419455 external
https://www.cve.org/CVERecord?id=CVE-2025-66418 external
https://nvd.nist.gov/vuln/detail/CVE-2025-66418 external
https://github.com/urllib3/urllib3/commit/24d7b67… external
https://github.com/urllib3/urllib3/security/advis… external
https://access.redhat.com/security/cve/CVE-2025-66471 self
https://bugzilla.redhat.com/show_bug.cgi?id=2419467 external
https://www.cve.org/CVERecord?id=CVE-2025-66471 external
https://nvd.nist.gov/vuln/detail/CVE-2025-66471 external
https://github.com/urllib3/urllib3/commit/c19571d… external
https://github.com/urllib3/urllib3/security/advis… external
https://access.redhat.com/security/cve/CVE-2026-21441 self
https://bugzilla.redhat.com/show_bug.cgi?id=2427726 external
https://www.cve.org/CVERecord?id=CVE-2026-21441 external
https://nvd.nist.gov/vuln/detail/CVE-2026-21441 external
https://github.com/urllib3/urllib3/commit/8864ac4… external
https://github.com/urllib3/urllib3/security/advis… external
Acknowledgments
jub0bs

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A new version of Red Hat build of Ceph Storage has been released",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The Red Hat Storage Ceph container images are based on the latest ubi9 base image and Ceph 9.0.\nThis release updates to the latest version.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:3406",
        "url": "https://access.redhat.com/errata/RHSA-2026:3406"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2019-10790",
        "url": "https://access.redhat.com/security/cve/CVE-2019-10790"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2021-23358",
        "url": "https://access.redhat.com/security/cve/CVE-2021-23358"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2024-51744",
        "url": "https://access.redhat.com/security/cve/CVE-2024-51744"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2024-55565",
        "url": "https://access.redhat.com/security/cve/CVE-2024-55565"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-14104",
        "url": "https://access.redhat.com/security/cve/CVE-2025-14104"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-22868",
        "url": "https://access.redhat.com/security/cve/CVE-2025-22868"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-26791",
        "url": "https://access.redhat.com/security/cve/CVE-2025-26791"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-6176",
        "url": "https://access.redhat.com/security/cve/CVE-2025-6176"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-66418",
        "url": "https://access.redhat.com/security/cve/CVE-2025-66418"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-66471",
        "url": "https://access.redhat.com/security/cve/CVE-2025-66471"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-7783",
        "url": "https://access.redhat.com/security/cve/CVE-2025-7783"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-21441",
        "url": "https://access.redhat.com/security/cve/CVE-2026-21441"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://bugzilla.redhat.com/show_bug.cgi?id=2408762",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408762"
      },
      {
        "category": "external",
        "summary": "https://bugzilla.redhat.com/show_bug.cgi?id=2419369",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419369"
      },
      {
        "category": "external",
        "summary": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"
      },
      {
        "category": "external",
        "summary": "https://bugzilla.redhat.com/show_bug.cgi?id=2419467",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419467"
      },
      {
        "category": "external",
        "summary": "https://bugzilla.redhat.com/show_bug.cgi?id=2427726",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427726"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_ceph_storage/",
        "url": "https://docs.redhat.com/en/documentation/red_hat_ceph_storage/"
      },
      {
        "category": "external",
        "summary": "https://issues.redhat.com/browse/RHCEPH-12073",
        "url": "https://issues.redhat.com/browse/RHCEPH-12073"
      },
      {
        "category": "external",
        "summary": "https://issues.redhat.com/browse/RHCEPH-12075",
        "url": "https://issues.redhat.com/browse/RHCEPH-12075"
      },
      {
        "category": "external",
        "summary": "https://issues.redhat.com/browse/RHCEPH-12417",
        "url": "https://issues.redhat.com/browse/RHCEPH-12417"
      },
      {
        "category": "external",
        "summary": "https://issues.redhat.com/browse/RHCEPH-12470",
        "url": "https://issues.redhat.com/browse/RHCEPH-12470"
      },
      {
        "category": "external",
        "summary": "https://issues.redhat.com/browse/RHCEPH-12508",
        "url": "https://issues.redhat.com/browse/RHCEPH-12508"
      },
      {
        "category": "external",
        "summary": "https://issues.redhat.com/browse/RHCEPH-12555",
        "url": "https://issues.redhat.com/browse/RHCEPH-12555"
      },
      {
        "category": "external",
        "summary": "https://issues.redhat.com/browse/RHCEPH-12558",
        "url": "https://issues.redhat.com/browse/RHCEPH-12558"
      },
      {
        "category": "external",
        "summary": "https://issues.redhat.com/browse/RHCEPH-12577",
        "url": "https://issues.redhat.com/browse/RHCEPH-12577"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3406.json"
      }
    ],
    "title": "Red Hat Security Advisory: New container image: rhceph-9.0",
    "tracking": {
      "current_release_date": "2026-03-26T23:13:08+00:00",
      "generator": {
        "date": "2026-03-26T23:13:08+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.4"
        }
      },
      "id": "RHSA-2026:3406",
      "initial_release_date": "2026-02-26T07:14:51+00:00",
      "revision_history": [
        {
          "date": "2026-02-26T07:14:51+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-02-26T07:14:56+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-03-26T23:13:08+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Ceph Storage 9",
                "product": {
                  "name": "Red Hat Ceph Storage 9",
                  "product_id": "Red Hat Ceph Storage 9",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:ceph_storage:9::el10"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Ceph Storage"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
                "product": {
                  "name": "registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
                  "product_id": "registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/alloy-rhel10@sha256%3A731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771399158"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
                "product": {
                  "name": "registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
                  "product_id": "registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/grafana-rhel10@sha256%3A5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771399331"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
                "product": {
                  "name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
                  "product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3A5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771398877"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
                "product": {
                  "name": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
                  "product_id": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/keepalived-rhel10@sha256%3A2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771399022"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
                "product": {
                  "name": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
                  "product_id": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-9-rhel9@sha256%3Ad2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771816028"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
                "product": {
                  "name": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
                  "product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/snmp-notifier-rhel10@sha256%3A9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997?arch=amd64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771399060"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
                "product": {
                  "name": "registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
                  "product_id": "registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/alloy-rhel10@sha256%3Ac6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771399158"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
                "product": {
                  "name": "registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
                  "product_id": "registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/grafana-rhel10@sha256%3A2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771399331"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
                "product": {
                  "name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
                  "product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3A25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771398877"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
                "product": {
                  "name": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
                  "product_id": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/keepalived-rhel10@sha256%3A6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771399022"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
                "product": {
                  "name": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
                  "product_id": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-9-rhel9@sha256%3A53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771816028"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
                "product": {
                  "name": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
                  "product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/snmp-notifier-rhel10@sha256%3Ab8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6?arch=arm64\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771399060"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "arm64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
                "product": {
                  "name": "registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
                  "product_id": "registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/alloy-rhel10@sha256%3A9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771399158"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
                "product": {
                  "name": "registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
                  "product_id": "registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/grafana-rhel10@sha256%3Af2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771399331"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
                "product": {
                  "name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
                  "product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3Abbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771398877"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
                "product": {
                  "name": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
                  "product_id": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/keepalived-rhel10@sha256%3A3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771399022"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
                "product": {
                  "name": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
                  "product_id": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-9-rhel9@sha256%3Aca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771816028"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
                "product": {
                  "name": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
                  "product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/snmp-notifier-rhel10@sha256%3A1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d?arch=ppc64le\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771399060"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
                "product": {
                  "name": "registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
                  "product_id": "registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/alloy-rhel10@sha256%3Ae1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771399158"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
                "product": {
                  "name": "registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
                  "product_id": "registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/grafana-rhel10@sha256%3A11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771399331"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
                "product": {
                  "name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
                  "product_id": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-haproxy-rhel9@sha256%3Acac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771398877"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
                "product": {
                  "name": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
                  "product_id": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/keepalived-rhel10@sha256%3A2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771399022"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
                "product": {
                  "name": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
                  "product_id": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhceph-9-rhel9@sha256%3A8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771816028"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x",
                "product": {
                  "name": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x",
                  "product_id": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/snmp-notifier-rhel10@sha256%3Aeb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd?arch=s390x\u0026repository_url=registry.redhat.io/rhceph\u0026tag=1771399060"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64 as a component of Red Hat Ceph Storage 9",
          "product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64"
        },
        "product_reference": "registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
        "relates_to_product_reference": "Red Hat Ceph Storage 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le as a component of Red Hat Ceph Storage 9",
          "product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le"
        },
        "product_reference": "registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
        "relates_to_product_reference": "Red Hat Ceph Storage 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64 as a component of Red Hat Ceph Storage 9",
          "product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64"
        },
        "product_reference": "registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
        "relates_to_product_reference": "Red Hat Ceph Storage 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x as a component of Red Hat Ceph Storage 9",
          "product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x"
        },
        "product_reference": "registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
        "relates_to_product_reference": "Red Hat Ceph Storage 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x as a component of Red Hat Ceph Storage 9",
          "product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x"
        },
        "product_reference": "registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
        "relates_to_product_reference": "Red Hat Ceph Storage 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64 as a component of Red Hat Ceph Storage 9",
          "product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64"
        },
        "product_reference": "registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
        "relates_to_product_reference": "Red Hat Ceph Storage 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64 as a component of Red Hat Ceph Storage 9",
          "product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64"
        },
        "product_reference": "registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
        "relates_to_product_reference": "Red Hat Ceph Storage 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le as a component of Red Hat Ceph Storage 9",
          "product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le"
        },
        "product_reference": "registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
        "relates_to_product_reference": "Red Hat Ceph Storage 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x as a component of Red Hat Ceph Storage 9",
          "product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x"
        },
        "product_reference": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
        "relates_to_product_reference": "Red Hat Ceph Storage 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64 as a component of Red Hat Ceph Storage 9",
          "product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64"
        },
        "product_reference": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
        "relates_to_product_reference": "Red Hat Ceph Storage 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le as a component of Red Hat Ceph Storage 9",
          "product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le"
        },
        "product_reference": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
        "relates_to_product_reference": "Red Hat Ceph Storage 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64 as a component of Red Hat Ceph Storage 9",
          "product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64"
        },
        "product_reference": "registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
        "relates_to_product_reference": "Red Hat Ceph Storage 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64 as a component of Red Hat Ceph Storage 9",
          "product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64"
        },
        "product_reference": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
        "relates_to_product_reference": "Red Hat Ceph Storage 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x as a component of Red Hat Ceph Storage 9",
          "product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x"
        },
        "product_reference": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
        "relates_to_product_reference": "Red Hat Ceph Storage 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le as a component of Red Hat Ceph Storage 9",
          "product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le"
        },
        "product_reference": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
        "relates_to_product_reference": "Red Hat Ceph Storage 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64 as a component of Red Hat Ceph Storage 9",
          "product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64"
        },
        "product_reference": "registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
        "relates_to_product_reference": "Red Hat Ceph Storage 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64 as a component of Red Hat Ceph Storage 9",
          "product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64"
        },
        "product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
        "relates_to_product_reference": "Red Hat Ceph Storage 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64 as a component of Red Hat Ceph Storage 9",
          "product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64"
        },
        "product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
        "relates_to_product_reference": "Red Hat Ceph Storage 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le as a component of Red Hat Ceph Storage 9",
          "product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le"
        },
        "product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
        "relates_to_product_reference": "Red Hat Ceph Storage 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x as a component of Red Hat Ceph Storage 9",
          "product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x"
        },
        "product_reference": "registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
        "relates_to_product_reference": "Red Hat Ceph Storage 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le as a component of Red Hat Ceph Storage 9",
          "product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le"
        },
        "product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
        "relates_to_product_reference": "Red Hat Ceph Storage 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64 as a component of Red Hat Ceph Storage 9",
          "product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64"
        },
        "product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
        "relates_to_product_reference": "Red Hat Ceph Storage 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64 as a component of Red Hat Ceph Storage 9",
          "product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64"
        },
        "product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
        "relates_to_product_reference": "Red Hat Ceph Storage 9"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x as a component of Red Hat Ceph Storage 9",
          "product_id": "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
        },
        "product_reference": "registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x",
        "relates_to_product_reference": "Red Hat Ceph Storage 9"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-10790",
      "discovery_date": "2025-08-20T22:37:38.151000+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2389970"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The taffydb npm module, vulnerable in all versions up to and including 2.7.3, allows attackers to forge the internal index by adding additional properties to user input processed by taffy, which can allow access to any data items in the DB. taffy sets an internal index for each data item in its DB. However, the internal index can be forged by adding additional properties to user input. If an index is found in the query, taffyDB will ignore other query conditions and directly return the indexed data item. Moreover, the internal index is in an easily guessable format (e.g., T000002R000001). As such, attackers can use this vulnerability to access any data items in the DB.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "taffy: taffydb: Internal Property Tampering",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64"
        ],
        "known_not_affected": [
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-10790"
        },
        {
          "category": "external",
          "summary": "RHBZ#2389970",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2389970"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-10790",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-10790"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10790",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10790"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-JS-TAFFYDB-2992450",
          "url": "https://security.snyk.io/vuln/SNYK-JS-TAFFYDB-2992450"
        },
        {
          "category": "external",
          "summary": "https://snyk.io/vuln/SNYK-JS-TAFFY-546521",
          "url": "https://snyk.io/vuln/SNYK-JS-TAFFY-546521"
        },
        {
          "category": "external",
          "summary": "https://www.usenix.org/system/files/sec21-xiao.pdf",
          "url": "https://www.usenix.org/system/files/sec21-xiao.pdf"
        }
      ],
      "release_date": "2020-02-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-02-26T07:14:51+00:00",
          "details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
          "product_ids": [
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:3406"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "taffy: taffydb: Internal Property Tampering"
    },
    {
      "cve": "CVE-2021-23358",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "discovery_date": "2021-03-29T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1944286"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in nodejs-underscore. Arbitrary code execution via the template function is possible, particularly when a variable property is passed as an argument, as it is not sanitized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-underscore: Arbitrary code execution via the template function",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Whilst the OpenShift Container Platform (OCP) openshift4/ose-grafana and openshift3/grafana containers, as well as the console, grc-ui and search-ui containers for Red Hat Advanced Management for Kubernetes (RHACM), include the vulnerable underscore library, access to it is protected by OpenShift OAuth. Additionally, this library is used in the openshift4/ose-grafana container only in the Grafana End-to-End Test package. Therefore, the impact of this flaw is reduced to Low for the affected OCP components, which are marked as \"will not fix\" at this time, and to Moderate for the affected RHACM components. This might be fixed in a future release.\n\nRed Hat Enterprise Virtualization includes the vulnerable underscore library; however, it does not parse any untrusted data, so the impact is reduced to Low.\n\nThe following Red Hat products include the underscore dependency, but it is not used by the product, and hence this issue has been rated as having a security impact of Low.\n\n* Red Hat Quay\n* Red Hat Gluster Storage 3\n* Red Hat OpenShift Container Storage 4\n* Red Hat Ceph Storage 3 and 4",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le"
        ],
        "known_not_affected": [
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2021-23358"
        },
        {
          "category": "external",
          "summary": "RHBZ#1944286",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1944286"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2021-23358",
          "url": "https://www.cve.org/CVERecord?id=CVE-2021-23358"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2021-23358",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23358"
        }
      ],
      "release_date": "2021-03-29T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-02-26T07:14:51+00:00",
          "details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
          "product_ids": [
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:3406"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "nodejs-underscore: Arbitrary code execution via the template function"
    },
    {
      "cve": "CVE-2024-51744",
      "cwe": {
        "id": "CWE-755",
        "name": "Improper Handling of Exceptional Conditions"
      },
      "discovery_date": "2024-11-04T22:01:08.655905+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2323735"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the golang-jwt package. Unclear documentation of the error behavior in `ParseWithClaims` can lead to situations where users do not check errors the way they should. In particular, if a token is both expired and invalid, the error returned by `ParseWithClaims` carries both error codes. If users only check for `jwt.ErrTokenExpired` using `errors.Is`, they can miss the embedded `jwt.ErrTokenSignatureInvalid` and thus potentially accept invalid tokens.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le"
        ],
        "known_not_affected": [
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-51744"
        },
        {
          "category": "external",
          "summary": "RHBZ#2323735",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2323735"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-51744",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-51744"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-51744",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51744"
        },
        {
          "category": "external",
          "summary": "https://github.com/golang-jwt/jwt/commit/7b1c1c00a171c6c79bbdb40e4ce7d197060c1c2c",
          "url": "https://github.com/golang-jwt/jwt/commit/7b1c1c00a171c6c79bbdb40e4ce7d197060c1c2c"
        },
        {
          "category": "external",
          "summary": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r",
          "url": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-29wx-vh33-7x7r"
        }
      ],
      "release_date": "2024-11-04T21:47:12.170000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-02-26T07:14:51+00:00",
          "details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
          "product_ids": [
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:3406"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "golang-jwt: Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt"
    },
    {
      "cve": "CVE-2024-55565",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "discovery_date": "2024-12-09T02:00:45.255738+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2331063"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in nanoid. Affected versions of nanoid mishandle non-integer values. When nanoid is called with a fractional value, there are a number of undesirable effects:\n\n- In browser and non-secure, the code infinite loops on while (size--)\n- In node, the value of poolOffset becomes fractional, causing calls to nanoid to return zeroes until the pool is next filled: when i is initialized to poolOffset, pool[i] \u0026 63 -\u003e undefined \u0026 63 -\u003e 0\n- If the first call in node is a fractional argument, the initial buffer allocation fails with an error\n\nThe highest impact of this issue is to system availability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nanoid: nanoid mishandles non-integer values",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le"
        ],
        "known_not_affected": [
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-55565"
        },
        {
          "category": "external",
          "summary": "RHBZ#2331063",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331063"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-55565",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-55565",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55565"
        },
        {
          "category": "external",
          "summary": "https://github.com/ai/nanoid/compare/3.3.7...3.3.8",
          "url": "https://github.com/ai/nanoid/compare/3.3.7...3.3.8"
        },
        {
          "category": "external",
          "summary": "https://github.com/ai/nanoid/pull/510",
          "url": "https://github.com/ai/nanoid/pull/510"
        },
        {
          "category": "external",
          "summary": "https://github.com/ai/nanoid/releases/tag/5.0.9",
          "url": "https://github.com/ai/nanoid/releases/tag/5.0.9"
        }
      ],
      "release_date": "2024-12-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-02-26T07:14:51+00:00",
          "details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
          "product_ids": [
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:3406"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nanoid: nanoid mishandles non-integer values"
    },
    {
      "cve": "CVE-2025-6176",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2025-10-31T01:00:56.408048+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2408762"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Scrapy is vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less than 80GB of available memory. This occurs because brotli can achieve extremely high compression ratios for zero-filled data, leading to excessive memory consumption during decompression.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Important for Red Hat products. The flaw in Scrapy\u0027s brotli decompression implementation allows remote attackers to trigger a denial of service by sending specially crafted brotli-compressed data. This can lead to excessive memory consumption and system instability.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64"
        ],
        "known_not_affected": [
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-6176"
        },
        {
          "category": "external",
          "summary": "RHBZ#2408762",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408762"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-6176",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-6176"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6176",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6176"
        },
        {
          "category": "external",
          "summary": "https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0",
          "url": "https://huntr.com/bounties/2c26a886-5984-47ee-a421-0d5fe1344eb0"
        }
      ],
      "release_date": "2025-10-31T00:00:21.219000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-02-26T07:14:51+00:00",
          "details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
          "product_ids": [
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:3406"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS"
    },
    {
      "cve": "CVE-2025-7783",
      "cwe": {
        "id": "CWE-330",
        "name": "Use of Insufficiently Random Values"
      },
      "discovery_date": "2025-07-18T17:00:43.396637+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2381959"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability related to predictable random number generation has been discovered in the form-data JavaScript library. The library utilizes Math.random() to determine boundary values for multipart form-encoded data.\n\nThis presents a security risk if an attacker can observe other values generated by Math.random() within the target application and simultaneously control at least one field of a request made using form-data. Under these conditions, the attacker could potentially predict or determine the boundary values. This predictability could be leveraged to bypass security controls, manipulate form data, or potentially lead to data integrity issues or other forms of exploitation.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "form-data: Unsafe random function in form-data",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This flaw does not affect host systems. The impact of this vulnerability is limited to specific applications which integrate the `form-data` library. As a result, the impact of this CVE is limited on Red Hat systems.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le"
        ],
        "known_not_affected": [
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-7783"
        },
        {
          "category": "external",
          "summary": "RHBZ#2381959",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2381959"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-7783",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-7783"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-7783",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7783"
        },
        {
          "category": "external",
          "summary": "https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0",
          "url": "https://github.com/form-data/form-data/commit/3d1723080e6577a66f17f163ecd345a21d8d0fd0"
        },
        {
          "category": "external",
          "summary": "https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4",
          "url": "https://github.com/form-data/form-data/security/advisories/GHSA-fjxv-7rqg-78g4"
        }
      ],
      "release_date": "2025-07-18T16:34:44.889000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-02-26T07:14:51+00:00",
          "details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
          "product_ids": [
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:3406"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "form-data: Unsafe random function in form-data"
    },
    {
      "cve": "CVE-2025-14104",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2025-12-05T14:16:36.004000+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2419369"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64"
        ],
        "known_not_affected": [
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-14104"
        },
        {
          "category": "external",
          "summary": "RHBZ#2419369",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419369"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-14104",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-14104"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14104"
        }
      ],
      "release_date": "2025-12-05T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-02-26T07:14:51+00:00",
          "details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
          "product_ids": [
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:3406"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
          "product_ids": [
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "jub0bs"
          ]
        }
      ],
      "cve": "CVE-2025-22868",
      "cwe": {
        "id": "CWE-1286",
        "name": "Improper Validation of Syntactic Correctness of Input"
      },
      "discovery_date": "2025-02-26T04:00:44.350024+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2348366"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, \".\")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le"
        ],
        "known_not_affected": [
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-22868"
        },
        {
          "category": "external",
          "summary": "RHBZ#2348366",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-22868",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868"
        },
        {
          "category": "external",
          "summary": "https://go.dev/cl/652155",
          "url": "https://go.dev/cl/652155"
        },
        {
          "category": "external",
          "summary": "https://go.dev/issue/71490",
          "url": "https://go.dev/issue/71490"
        },
        {
          "category": "external",
          "summary": "https://pkg.go.dev/vuln/GO-2025-3488",
          "url": "https://pkg.go.dev/vuln/GO-2025-3488"
        }
      ],
      "release_date": "2025-02-26T03:07:49.012000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-02-26T07:14:51+00:00",
          "details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
          "product_ids": [
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:3406"
        },
        {
          "category": "workaround",
          "details": "To mitigate this vulnerability, it is recommended to pre-validate any payloads passed to `go-jose` to check that they do not contain an excessive amount of `.` characters.",
          "product_ids": [
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws"
    },
    {
      "cve": "CVE-2025-26791",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
      },
      "discovery_date": "2025-02-14T09:00:45.578144+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2345695"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in DOMPurify. This vulnerability allows attackers to execute mutation-based Cross-site scripting (mXSS) via an incorrect template literal regular expression.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "dompurify: Mutation XSS in DOMPurify Due to Improper Template Literal Handling",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le"
        ],
        "known_not_affected": [
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-26791"
        },
        {
          "category": "external",
          "summary": "RHBZ#2345695",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345695"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-26791",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-26791",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26791"
        },
        {
          "category": "external",
          "summary": "https://ensy.zip/posts/dompurify-323-bypass/",
          "url": "https://ensy.zip/posts/dompurify-323-bypass/"
        },
        {
          "category": "external",
          "summary": "https://github.com/cure53/DOMPurify/commit/d18ffcb554e0001748865da03ac75dd7829f0f02",
          "url": "https://github.com/cure53/DOMPurify/commit/d18ffcb554e0001748865da03ac75dd7829f0f02"
        },
        {
          "category": "external",
          "summary": "https://github.com/cure53/DOMPurify/releases/tag/3.2.4",
          "url": "https://github.com/cure53/DOMPurify/releases/tag/3.2.4"
        },
        {
          "category": "external",
          "summary": "https://nsysean.github.io/posts/dompurify-323-bypass/",
          "url": "https://nsysean.github.io/posts/dompurify-323-bypass/"
        }
      ],
      "release_date": "2025-02-14T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-02-26T07:14:51+00:00",
          "details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
          "product_ids": [
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:3406"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "dompurify: Mutation XSS in DOMPurify Due to Improper Template Literal Handling"
    },
    {
      "cve": "CVE-2025-66418",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-12-05T17:01:20.277857+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2419455"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain causes the client system to consume a virtually unbounded amount of CPU resources and memory. The high resource usage leads to service disruption, making the application unresponsive.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64"
        ],
        "known_not_affected": [
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-66418"
        },
        {
          "category": "external",
          "summary": "RHBZ#2419455",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419455"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-66418",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66418"
        },
        {
          "category": "external",
          "summary": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8",
          "url": "https://github.com/urllib3/urllib3/commit/24d7b67eac89f94e11003424bcf0d8f7b72222a8"
        },
        {
          "category": "external",
          "summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53",
          "url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53"
        }
      ],
      "release_date": "2025-12-05T16:02:15.271000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-02-26T07:14:51+00:00",
          "details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
          "product_ids": [
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:3406"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion"
    },
    {
      "cve": "CVE-2025-66471",
      "cwe": {
        "id": "CWE-409",
        "name": "Improper Handling of Highly Compressed Data (Data Amplification)"
      },
      "discovery_date": "2025-12-05T17:02:21.597728+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2419467"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header (e.g., gzip, deflate, br, or zstd). The library must read compressed data from the network and decompress it until the requested chunk size is met. Any resulting decompressed data that exceeds the requested amount is held in an internal buffer for the next read operation. The decompression logic could cause urllib3 to fully decode a small amount of highly compressed data in a single operation. This can result in excessive resource consumption (high CPU usage and massive memory allocation for the decompressed data; CWE-409) on the client side, even if the application only requested a small chunk of data.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "urllib3: urllib3 Streaming API improperly handles highly compressed data",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64"
        ],
        "known_not_affected": [
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-66471"
        },
        {
          "category": "external",
          "summary": "RHBZ#2419467",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2419467"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-66471",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66471"
        },
        {
          "category": "external",
          "summary": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7",
          "url": "https://github.com/urllib3/urllib3/commit/c19571de34c47de3a766541b041637ba5f716ed7"
        },
        {
          "category": "external",
          "summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37",
          "url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37"
        }
      ],
      "release_date": "2025-12-05T16:06:08.531000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-02-26T07:14:51+00:00",
          "details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
          "product_ids": [
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:3406"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "urllib3: urllib3 Streaming API improperly handles highly compressed data"
    },
    {
      "cve": "CVE-2026-21441",
      "cwe": {
        "id": "CWE-409",
        "name": "Improper Handling of Highly Compressed Data (Data Amplification)"
      },
      "discovery_date": "2026-01-07T23:01:59.422078+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2427726"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "urllib3 is an HTTP client library for Python. urllib3\u0027s streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP `Content-Encoding` header (e.g., `gzip`, `deflate`, `br`, or `zstd`). When using the streaming API, the library decompresses only the necessary bytes, enabling partial content consumption. Starting in version 1.22 and prior to version 2.6.3, for HTTP redirect responses, the library would read the entire response body to drain the connection and decompress the content unnecessarily. This decompression occurred even before any read methods were called, and configured read limits did not restrict the amount of decompressed data. As a result, there was no safeguard against decompression bombs. A malicious server could exploit this to trigger excessive resource consumption on the client. Applications and libraries are affected when they stream content from untrusted sources by setting `preload_content=False` when they do not disable redirects. Users should upgrade to at least urllib3 v2.6.3, in which the library does not decode content of redirect responses when `preload_content=False`. If upgrading is not immediately possible, disable redirects by setting `redirect=False` for requests to untrusted source.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64"
        ],
        "known_not_affected": [
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
          "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-21441"
        },
        {
          "category": "external",
          "summary": "RHBZ#2427726",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427726"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-21441",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21441"
        },
        {
          "category": "external",
          "summary": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b",
          "url": "https://github.com/urllib3/urllib3/commit/8864ac407bba8607950025e0979c4c69bc7abc7b"
        },
        {
          "category": "external",
          "summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99",
          "url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99"
        }
      ],
      "release_date": "2026-01-07T22:09:01.936000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-02-26T07:14:51+00:00",
          "details": "The container images provided by this update can be downloaded from the\nRed Hat container registry at registry.redhat.io using the \"podman pull\" command.",
          "product_ids": [
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:3406"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:731f7fa196ecfcbe18a567255eb024acb0a9bed40e379914f97d082286e89db6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:9ca23b76bfed563dbe9e61e456496b683f8ac8bd232b272929cf4088217f1b7e_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:c6dda8058ecebc7d47cc6eb6f6e0b1fc261bb34140d424638b207f770f50d2cb_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/alloy-rhel10@sha256:e1952690c30f653c3f2397009d7dbfc99ccf2f05b3643dcfd6bb306539af6aac_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:11f4acab7eb81b844ef593b87d6aa102ee17b1a200f4c2d057a8dc5df731bf75_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:2c8bad4973281d8ccdc6e4473c1ff76730323d59c3a18a948afcb1b5da520fd5_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:5db7079eda6f63fc31478ff997720562c66407dd99e3db5b19bec26b9fbefd78_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/grafana-rhel10@sha256:f2793ac49db5fee22b371b28a34e228a02b698f4a0df8f93d649fbb159ded955_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2a637efb3d93af38cf764a50e3b8265049562c8540315ead097ed1dbee8c1a7e_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:2af95703be42122fd2b6102f7b09c51a803a46e522e9063b7089a101de2de605_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:3fdd2ca33d42b8ccff8a3ce8f28d8ae2f855167f5971a3d5cd58ff3d0199f6fb_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/keepalived-rhel10@sha256:6862082a36ed2091a6b50d20c3f036b3701df89de3e3cb3ab8b57d78e09cae38_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:53a72419a7e4f4b332b9c6759ff1c389f226e26599236bc770d367c68bba911a_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:8c65a91917296ce25845bd673c521448c89140a126216bf939355b40d38770db_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:ca957dd041420e31be585cf8120c079163f660a448e30f67aa51f4509f52cb34_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-9-rhel9@sha256:d2900877ae6b3efdc8b693672b7bc6ac8d5ff95208a3a2a3ad85dcc03119ec41_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:25e0a506c1234d96d6ef4d4524e1091bd3f7ba84a1ed30ba1ad60c78db22d005_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:5e50f331766db22a5d349e9705ff720e4ed112a2ba047ada4305ad79ce468ec6_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:bbe3dfce113c2fbdb300c7184e3ac18e08319f68245bc3ace9b176af41d8b509_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/rhceph-haproxy-rhel9@sha256:cac361a6c9b76b8da77c9a2a2cc147b54aebba5e4696f12fec74af7218006b8d_s390x",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:1955c8ad978f2e09e524a8e38a53942f0ba6175499bc9643c3bcd9ccb3df308d_ppc64le",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:9679161550968a9c68111f57071dd8a128f16d25cb487c45adc799d17a8f4997_amd64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:b8f3434277e55c0d398b7a992afbadeaf8f08cb1b43e3f64956756032111aba6_arm64",
            "Red Hat Ceph Storage 9:registry.redhat.io/rhceph/snmp-notifier-rhel10@sha256:eb8e4c6e5f3ee09686374c0eb73d123990a403c50eee4bd8a1ba2e7f99e4bffd_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "urllib3: urllib3 vulnerable to decompression-bomb safeguard bypass when following HTTP redirects (streaming API)"
    }
  ]
}

