RHSA-2026:39058

Vulnerability from csaf_redhat - Published: 2026-07-13 23:42 - Updated: 2026-07-15 15:04
Summary
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Severity
Critical
Notes
Topic: An update for Red Hat Hardened Images RPMs is now available.
Details: This update includes the following RPMs: prometheus3.13: * prometheus3.13-3.13.1-0.1.hum1 (aarch64, x86_64) * prometheus3.13-3.13.1-0.1.hum1.src (src)
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

A flaw was found in Vitest, a testing framework. In Vitest Browser Mode, a remote attacker could craft a specific browser-runner URL that, when visited, would allow the execution of arbitrary JavaScript code within the Vitest server. This vulnerability could also lead to the recovery of the VITEST_API_TOKEN, potentially enabling unauthorized authenticated API calls and further compromise of the system.

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Affected products
Product Identifier Version Remediation
Unresolved product id: Red Hat Hardened Images:prometheus3-13-main@aarch64
Vendor Fix fix
Workaround
Unresolved product id: Red Hat Hardened Images:prometheus3-13-main@src
Vendor Fix fix
Workaround
Unresolved product id: Red Hat Hardened Images:prometheus3-13-main@x86_64
Vendor Fix fix
Workaround
Threats
Impact Critical

A flaw was found in Vitest, a testing framework. On Windows, the Vitest UI/API server incorrectly handled file serving, which could allow an attacker to read sensitive files outside the project directory. Additionally, exposed API features could be exploited to execute arbitrary scripts, leading to potential system compromise.

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Affected products
Product Identifier Version Remediation
Unresolved product id: Red Hat Hardened Images:prometheus3-13-main@aarch64
Vendor Fix fix
Workaround
Unresolved product id: Red Hat Hardened Images:prometheus3-13-main@src
Vendor Fix fix
Workaround
Unresolved product id: Red Hat Hardened Images:prometheus3-13-main@x86_64
Vendor Fix fix
Workaround
Threats
Impact Critical
References
URL Category
https://access.redhat.com/errata/RHSA-2026:39058 self
https://images.redhat.com/ external
https://access.redhat.com/security/cve/CVE-2026-47428 external
https://access.redhat.com/security/updates/classi… external
https://access.redhat.com/security/cve/CVE-2026-47429 external
https://security.access.redhat.com/data/csaf/v2/a… self
https://access.redhat.com/security/cve/CVE-2026-47428 self
https://bugzilla.redhat.com/show_bug.cgi?id=2500578 external
https://www.cve.org/CVERecord?id=CVE-2026-47428 external
https://nvd.nist.gov/vuln/detail/CVE-2026-47428 external
https://github.com/vitest-dev/vitest/commit/18af9… external
https://github.com/vitest-dev/vitest/commit/3514f… external
https://github.com/vitest-dev/vitest/pull/10283 external
https://github.com/vitest-dev/vitest/pull/10285 external
https://github.com/vitest-dev/vitest/releases/tag… external
https://github.com/vitest-dev/vitest/releases/tag… external
https://github.com/vitest-dev/vitest/security/adv… external
https://access.redhat.com/security/cve/CVE-2026-47429 self
https://bugzilla.redhat.com/show_bug.cgi?id=2500573 external
https://www.cve.org/CVERecord?id=CVE-2026-47429 external
https://nvd.nist.gov/vuln/detail/CVE-2026-47429 external
https://github.com/vitest-dev/vitest/commit/20e00… external
https://github.com/vitest-dev/vitest/commit/af88b… external
https://github.com/vitest-dev/vitest/pull/10445 external
https://github.com/vitest-dev/vitest/pull/9350 external
https://github.com/vitest-dev/vitest/releases/tag… external
https://github.com/vitest-dev/vitest/releases/tag… external
https://github.com/vitest-dev/vitest/security/adv… external

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for Red Hat Hardened Images RPMs is now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This update includes the following RPMs:\n\nprometheus3.13:\n  * prometheus3.13-3.13.1-0.1.hum1 (aarch64, x86_64)\n  * prometheus3.13-3.13.1-0.1.hum1.src (src)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:39058",
        "url": "https://access.redhat.com/errata/RHSA-2026:39058"
      },
      {
        "category": "external",
        "summary": "https://images.redhat.com/",
        "url": "https://images.redhat.com/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-47428",
        "url": "https://access.redhat.com/security/cve/CVE-2026-47428"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-47429",
        "url": "https://access.redhat.com/security/cve/CVE-2026-47429"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_39058.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2026-07-15T15:04:48+00:00",
      "generator": {
        "date": "2026-07-15T15:04:48+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.3.6"
        }
      },
      "id": "RHSA-2026:39058",
      "initial_release_date": "2026-07-13T23:42:49+00:00",
      "revision_history": [
        {
          "date": "2026-07-13T23:42:49+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-07-15T10:51:37+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-07-15T15:04:48+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Hardened Images",
                "product": {
                  "name": "Red Hat Hardened Images",
                  "product_id": "Red Hat Hardened Images",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:hummingbird:1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Hardened Images"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "prometheus3-13-main@aarch64",
                "product": {
                  "name": "prometheus3-13-main@aarch64",
                  "product_id": "prometheus3-13-main@aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/prometheus3.13@3.13.1-0.1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "prometheus3-13-main@src",
                "product": {
                  "name": "prometheus3-13-main@src",
                  "product_id": "prometheus3-13-main@src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/prometheus3.13@3.13.1-0.1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "prometheus3-13-main@x86_64",
                "product": {
                  "name": "prometheus3-13-main@x86_64",
                  "product_id": "prometheus3-13-main@x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/prometheus3.13@3.13.1-0.1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "prometheus3-13-main@aarch64 as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:prometheus3-13-main@aarch64"
        },
        "product_reference": "prometheus3-13-main@aarch64",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "prometheus3-13-main@src as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:prometheus3-13-main@src"
        },
        "product_reference": "prometheus3-13-main@src",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "prometheus3-13-main@x86_64 as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:prometheus3-13-main@x86_64"
        },
        "product_reference": "prometheus3-13-main@x86_64",
        "relates_to_product_reference": "Red Hat Hardened Images"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-47428",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2026-07-14T20:03:51.551433+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2500578"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Vitest, a testing framework. In Vitest Browser Mode, a remote attacker could craft a specific browser-runner URL that, when visited, would allow the execution of arbitrary JavaScript code within the Vitest server. This vulnerability could also lead to the recovery of the VITEST_API_TOKEN, potentially enabling unauthorized authenticated API calls and further compromise of the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vitest: Vitest: Arbitrary code execution via crafted browser-runner URL",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat has assessed this flaw against its shipping products. The vulnerability requires @vitest/browser (Vitest\u0027s opt-in Browser Mode) to be installed and actively enabled; it does not affect the core `vitest` test runner used without Browser Mode. None of Red Hat\u0027s shipping products install or execute @vitest/browser, and none configure or enable Browser Mode. Where Vitest is present, it is used strictly as a build/test-time devDependency (core vitest and its non-browser submodules such as expect, runner, snapshot, spy, and utils), not as a shipped runtime component, and several affected streams already ship patched versions (\u003e=4.1.6) or versions below the vulnerable range. Accordingly, while the CVSS score reflects a genuinely severe flaw in Vitest Browser Mode upstream, Red Hat\u0027s shipping products are not reachable via this vulnerability.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:prometheus3-13-main@aarch64",
          "Red Hat Hardened Images:prometheus3-13-main@src",
          "Red Hat Hardened Images:prometheus3-13-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-47428"
        },
        {
          "category": "external",
          "summary": "RHBZ#2500578",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2500578"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-47428",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-47428"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-47428",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47428"
        },
        {
          "category": "external",
          "summary": "https://github.com/vitest-dev/vitest/commit/18af98cee1830604d57f6a02bf28f8067cdffc06",
          "url": "https://github.com/vitest-dev/vitest/commit/18af98cee1830604d57f6a02bf28f8067cdffc06"
        },
        {
          "category": "external",
          "summary": "https://github.com/vitest-dev/vitest/commit/3514f9fa135c90e1c35754fc4d27c9cf351faafa",
          "url": "https://github.com/vitest-dev/vitest/commit/3514f9fa135c90e1c35754fc4d27c9cf351faafa"
        },
        {
          "category": "external",
          "summary": "https://github.com/vitest-dev/vitest/pull/10283",
          "url": "https://github.com/vitest-dev/vitest/pull/10283"
        },
        {
          "category": "external",
          "summary": "https://github.com/vitest-dev/vitest/pull/10285",
          "url": "https://github.com/vitest-dev/vitest/pull/10285"
        },
        {
          "category": "external",
          "summary": "https://github.com/vitest-dev/vitest/releases/tag/v4.1.6",
          "url": "https://github.com/vitest-dev/vitest/releases/tag/v4.1.6"
        },
        {
          "category": "external",
          "summary": "https://github.com/vitest-dev/vitest/releases/tag/v5.0.0-beta.3",
          "url": "https://github.com/vitest-dev/vitest/releases/tag/v5.0.0-beta.3"
        },
        {
          "category": "external",
          "summary": "https://github.com/vitest-dev/vitest/security/advisories/GHSA-2h32-95rg-cppp",
          "url": "https://github.com/vitest-dev/vitest/security/advisories/GHSA-2h32-95rg-cppp"
        }
      ],
      "release_date": "2026-07-14T19:30:19.670000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-07-13T23:42:49+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:prometheus3-13-main@aarch64",
            "Red Hat Hardened Images:prometheus3-13-main@src",
            "Red Hat Hardened Images:prometheus3-13-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:39058"
        },
        {
          "category": "workaround",
          "details": "No mitigation is required for Red Hat shipping products, as the vulnerable @vitest/browser package and Browser Mode feature are not present or enabled in any Red Hat product. Development teams using Vitest as a build/test-time dependency should avoid introducing @vitest/browser or enabling Browser Mode in CI/local environments, and should upgrade to Vitest \u003e=4.1.6 (or \u003e=5.0.0-beta.3 on the 5.x beta line) where Vitest is used, as a matter of general hygiene.",
          "product_ids": [
            "Red Hat Hardened Images:prometheus3-13-main@aarch64",
            "Red Hat Hardened Images:prometheus3-13-main@src",
            "Red Hat Hardened Images:prometheus3-13-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:prometheus3-13-main@aarch64",
            "Red Hat Hardened Images:prometheus3-13-main@src",
            "Red Hat Hardened Images:prometheus3-13-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "vitest: Vitest: Arbitrary code execution via crafted browser-runner URL"
    },
    {
      "cve": "CVE-2026-47429",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "discovery_date": "2026-07-14T20:03:20.665764+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2500573"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Vitest, a testing framework. On Windows, the Vitest UI/API server incorrectly handled file serving, which could allow an attacker to read sensitive files outside the project directory. Additionally, exposed API features could be exploited to execute arbitrary scripts, leading to potential system compromise.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "vitest: Vitest: Arbitrary code execution and information disclosure via path traversal",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Vitest ships a UI and API server (enabled via the --ui or --api flags, or automatically as part of Browser Mode) that exposes file read, file write, and test-rerun functionality over HTTP. Due to an incorrect path-traversal check in the /__vitest_attachment__ handler and related code paths, a remote attacker who can reach this server can read arbitrary files, and via the write/rerun features can achieve arbitrary code execution. Exploitation requires either exposing the server to a network host (--api.host / api.host config) or running the UI/Browser Mode on Windows.\n\nRed Hat\u0027s shipped products use vitest exclusively as a development-time unit test runner (invoked as `vitest run`, `test:unit`, or `--project` in CI/build pipelines). None of the Red Hat products that ship vitest start its UI server, API server, or Browser Mode as part of their build process or shipped runtime. The @vitest/browser package (required for Browser Mode) is not present in any Red Hat product\u0027s manifest. As a result, the vulnerable code path is not reachable in any Red Hat product covered by this flaw, and affects are set to NOTAFFECTED / Vulnerable Code not in Execute Path.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:prometheus3-13-main@aarch64",
          "Red Hat Hardened Images:prometheus3-13-main@src",
          "Red Hat Hardened Images:prometheus3-13-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-47429"
        },
        {
          "category": "external",
          "summary": "RHBZ#2500573",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2500573"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-47429",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-47429"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-47429",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47429"
        },
        {
          "category": "external",
          "summary": "https://github.com/vitest-dev/vitest/commit/20e00ef7808de6d330c5e2fda530f686e08f1c8d",
          "url": "https://github.com/vitest-dev/vitest/commit/20e00ef7808de6d330c5e2fda530f686e08f1c8d"
        },
        {
          "category": "external",
          "summary": "https://github.com/vitest-dev/vitest/commit/af88b1f5d82844a4761ea9a977156c98e2b14ca8",
          "url": "https://github.com/vitest-dev/vitest/commit/af88b1f5d82844a4761ea9a977156c98e2b14ca8"
        },
        {
          "category": "external",
          "summary": "https://github.com/vitest-dev/vitest/pull/10445",
          "url": "https://github.com/vitest-dev/vitest/pull/10445"
        },
        {
          "category": "external",
          "summary": "https://github.com/vitest-dev/vitest/pull/9350",
          "url": "https://github.com/vitest-dev/vitest/pull/9350"
        },
        {
          "category": "external",
          "summary": "https://github.com/vitest-dev/vitest/releases/tag/v3.2.5",
          "url": "https://github.com/vitest-dev/vitest/releases/tag/v3.2.5"
        },
        {
          "category": "external",
          "summary": "https://github.com/vitest-dev/vitest/releases/tag/v4.1.0",
          "url": "https://github.com/vitest-dev/vitest/releases/tag/v4.1.0"
        },
        {
          "category": "external",
          "summary": "https://github.com/vitest-dev/vitest/security/advisories/GHSA-5xrq-8626-4rwp",
          "url": "https://github.com/vitest-dev/vitest/security/advisories/GHSA-5xrq-8626-4rwp"
        }
      ],
      "release_date": "2026-07-14T19:28:08.688000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-07-13T23:42:49+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:prometheus3-13-main@aarch64",
            "Red Hat Hardened Images:prometheus3-13-main@src",
            "Red Hat Hardened Images:prometheus3-13-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:39058"
        },
        {
          "category": "workaround",
          "details": "No mitigation is required for Red Hat products, as none run Vitest\u0027s UI/API server or Browser Mode in their build or shipped runtime.\n\nDevelopers who run `vitest --ui`, `vitest --api`, or Browser Mode interactively should avoid binding the server to a non-localhost host, and should upgrade to vitest \u003e= 4.1.0 (or \u003e= 3.2.5 on the 3.x branch), where the allowWrite/allowExec flags default to disabled whenever the server is bound to a non-localhost host.",
          "product_ids": [
            "Red Hat Hardened Images:prometheus3-13-main@aarch64",
            "Red Hat Hardened Images:prometheus3-13-main@src",
            "Red Hat Hardened Images:prometheus3-13-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:prometheus3-13-main@aarch64",
            "Red Hat Hardened Images:prometheus3-13-main@src",
            "Red Hat Hardened Images:prometheus3-13-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "vitest: Vitest: Arbitrary code execution and information disclosure via path traversal"
    }
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…