Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-45149 (GCVE-0-2026-45149)
Vulnerability from cvelistv5 – Published: 2026-05-29 19:55 – Updated: 2026-06-01 16:44- CWE-400 - Uncontrolled Resource Consumption
| URL | Tags |
|---|---|
| https://github.com/juliangruber/brace-expansion/s… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| juliangruber | brace-expansion |
Affected:
>= 5.0.0, < 5.0.6
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-45149",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-01T16:42:12.730782Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-01T16:44:23.371Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "brace-expansion",
"vendor": "juliangruber",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.0.0, \u003c 5.0.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0.6, the max option was being applied too late. When expanding a single large numeric range like {1..10000000}, the sequence generation loop generates all 10 million intermediate elements before the max limit is applied With max=10, the output is correctly limited to 10 items, but the process still allocates ~505 MB and spends ~800ms building the full intermediate array. This vulnerability is fixed in 5.0.6."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T19:55:07.337Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-jxxr-4gwj-5jf2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-jxxr-4gwj-5jf2"
}
],
"source": {
"advisory": "GHSA-jxxr-4gwj-5jf2",
"discovery": "UNKNOWN"
},
"title": "brace-expansion: Large numeric range defeats documented `max` DoS protection"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-45149",
"datePublished": "2026-05-29T19:55:07.337Z",
"dateReserved": "2026-05-08T20:44:38.964Z",
"dateUpdated": "2026-06-01T16:44:23.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-45149",
"date": "2026-07-19",
"epss": "0.00278",
"percentile": "0.19775"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-45149\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-05-29T20:16:25.550\",\"lastModified\":\"2026-06-17T10:51:42.447\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0.6, the max option was being applied too late. When expanding a single large numeric range like {1..10000000}, the sequence generation loop generates all 10 million intermediate elements before the max limit is applied With max=10, the output is correctly limited to 10 items, but the process still allocates ~505 MB and spends ~800ms building the full intermediate array. This vulnerability is fixed in 5.0.6.\"}],\"affected\":[{\"source\":\"security-advisories@github.com\",\"affectedData\":[{\"vendor\":\"juliangruber\",\"product\":\"brace-expansion\",\"versions\":[{\"version\":\"\u003e= 5.0.0, \u003c 5.0.6\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-06-01T16:42:12.730782Z\",\"id\":\"CVE-2026-45149\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juliangruber:brace-expansion:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"5.0.0\",\"versionEndExcluding\":\"5.0.6\",\"matchCriteriaId\":\"E4186426-4293-4F74-9ABE-6F4DD671FADC\"}]}]}],\"references\":[{\"url\":\"https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-jxxr-4gwj-5jf2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]}]}}",
"redhat_vex": {
"aggregate_severity": "Moderate",
"current_release_date": "2026-07-15T14:31:31+00:00",
"cve": "CVE-2026-45149",
"id": "CVE-2026-45149",
"initial_release_date": "2026-05-29T19:55:07.337000+00:00",
"product_status:fixed": "36",
"product_status:known_affected": "30",
"product_status:known_not_affected": "177",
"product_status:under_investigation": "103",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "brace-expansion: brace-expansion: Denial of Service due to excessive memory allocation when expanding large numeric ranges",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-45149.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"cna\": {\"title\": \"brace-expansion: Large numeric range defeats documented `max` DoS protection\", \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-400\", \"lang\": \"en\", \"description\": \"CWE-400: Uncontrolled Resource Consumption\", \"type\": \"CWE\"}]}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"REQUIRED\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\", \"version\": \"3.1\"}}], \"references\": [{\"name\": \"https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-jxxr-4gwj-5jf2\", \"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-jxxr-4gwj-5jf2\"}], \"affected\": [{\"vendor\": \"juliangruber\", \"product\": \"brace-expansion\", \"versions\": [{\"version\": \"\u003e= 5.0.0, \u003c 5.0.6\", \"status\": \"affected\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-05-29T19:55:07.337Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0.6, the max option was being applied too late. When expanding a single large numeric range like {1..10000000}, the sequence generation loop generates all 10 million intermediate elements before the max limit is applied With max=10, the output is correctly limited to 10 items, but the process still allocates ~505 MB and spends ~800ms building the full intermediate array. This vulnerability is fixed in 5.0.6.\"}], \"source\": {\"advisory\": \"GHSA-jxxr-4gwj-5jf2\", \"discovery\": \"UNKNOWN\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-45149\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-01T16:42:12.730782Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-01T16:44:17.118Z\"}}]}",
"cveMetadata": "{\"cveId\": \"CVE-2026-45149\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"GitHub_M\", \"dateReserved\": \"2026-05-08T20:44:38.964Z\", \"datePublished\": \"2026-05-29T19:55:07.337Z\", \"dateUpdated\": \"2026-06-01T16:44:23.371Z\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:7387
Vulnerability from csaf_redhat - Published: 2026-04-10 16:03 - Updated: 2026-07-19 03:56A flaw in Node.js’s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files. This breaks the expected isolation guarantees and enables arbitrary file read/write.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A memory exposure flaw has been discovered in Node.js. A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the `vm` module with the timeout option. Under specific timing conditions, buffers allocated with `Buffer.alloc` and other `TypedArray` instances like `Uint8Array` may contain leftover data from previous operations, allowing in-process secrets like tokens or passwords to leak or causing data corruption.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A file access flaw has been discovered in NodeJS. A file's access and modification timestamps to be changed via `futimes()` even when the process has only read permissions. Unlike `utimes()`, `futimes()` does not apply the expected write-permission checks, which means file metadata can be modified in read-only directories. This behavior could be used to alter timestamps in ways that obscure activity, reducing the reliability of logs.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A resource consumption flaw has been discovered in NodeJS. A memory leak in Node.js’s OpenSSL integration occurs when converting `X.509` certificate fields to UTF-8 without freeing the allocated buffer. When applications call `socket.getPeerCertificate(true)`, each certificate field leaks memory, allowing remote clients to trigger steady memory growth through repeated TLS connections. Over time this can lead to resource exhaustion and denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A denial of service flaw has been discovered in NodeJS. A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` data can cause Node.js to crash by triggering an unhandled `TLSSocket` error `ECONNRESET`. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not attach explicit error handlers to secure sockets
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A stack overflow flaw has been discovered in Node.js error handling where "Maximum call stack size exceeded" errors become uncatchable when `async_hooks.createHook()` is enabled. Instead of reaching `process.on('uncaughtException')`, the process terminates, making the crash unrecoverable. Applications that rely on `AsyncLocalStorage` (v22, v20) or `async_hooks.createHook()` (v24, v22, v20) become vulnerable to denial-of-service crashes triggered by deep recursion under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw in Node.js's permission model allows Unix Domain Socket (UDS) connections to bypass network restrictions when `--permission` is enabled. Even without `--allow-net`, attacker-controlled inputs (such as URLs or socketPath options) can connect to arbitrary local sockets via net, tls, or undici/fetch. This breaks the intended security boundary of the permission model and enables access to privileged local services, potentially leading to privilege escalation, data exposure, or local code execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. This vulnerability affects TLS servers using PSK or ALPN callbacks across Node.js versions where these callbacks throw without being safely wrapped.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. An incomplete security fix allows code operating under restricted file system write permissions to bypass these limitations. This vulnerability enables the modification of file permissions and ownership on already-open files, even when explicit write access is denied. Such a bypass could lead to unauthorized changes to system files.
CWE-279 - Incorrect Execution-Assigned Permissions| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in V8's string hashing mechanism within Node.js. A remote attacker can exploit this vulnerability by crafting requests containing integer-like strings. These specially crafted strings cause predictable hash collisions in V8's internal string table, particularly when processed by functions like JSON.parse() on attacker-controlled input. This can significantly degrade the performance of the Node.js process, leading to a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the brace-expansion library. This vulnerability allows an attacker to cause a Denial of Service (DoS) by providing a large numeric range for expansion. The library allocates excessive memory to generate all intermediate elements before applying the maximum limit, leading to high memory consumption and potential application crashes. This can impact the availability of systems using the library.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs22-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\nnodejs22:\n * nodejs22-22.22.0-1.3.hum1 (aarch64, x86_64)\n * nodejs22-bin-22.22.0-1.3.hum1 (noarch)\n * nodejs22-devel-22.22.0-1.3.hum1 (aarch64, x86_64)\n * nodejs22-docs-22.22.0-1.3.hum1 (noarch)\n * nodejs22-full-i18n-22.22.0-1.3.hum1 (aarch64, x86_64)\n * nodejs22-libs-22.22.0-1.3.hum1 (aarch64, x86_64)\n * nodejs22-npm-10.9.4-1.22.22.0.1.3.hum1 (noarch)\n * nodejs22-npm-bin-22.22.0-1.3.hum1 (noarch)\n * v8-12.4-devel-12.4.254.21-1.22.22.0.1.3.hum1 (aarch64, x86_64)\n * nodejs22-22.22.0-1.3.hum1.src (src)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7387",
"url": "https://access.redhat.com/errata/RHSA-2026:7387"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-21637",
"url": "https://access.redhat.com/security/cve/CVE-2026-21637"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-21636",
"url": "https://access.redhat.com/security/cve/CVE-2026-21636"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59466",
"url": "https://access.redhat.com/security/cve/CVE-2025-59466"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59465",
"url": "https://access.redhat.com/security/cve/CVE-2025-59465"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-59464",
"url": "https://access.redhat.com/security/cve/CVE-2025-59464"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-55132",
"url": "https://access.redhat.com/security/cve/CVE-2025-55132"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-55131",
"url": "https://access.redhat.com/security/cve/CVE-2025-55131"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-55130",
"url": "https://access.redhat.com/security/cve/CVE-2025-55130"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-21717",
"url": "https://access.redhat.com/security/cve/CVE-2026-21717"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-21716",
"url": "https://access.redhat.com/security/cve/CVE-2026-21716"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-45149",
"url": "https://access.redhat.com/security/cve/CVE-2026-45149"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7387.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-07-19T03:56:13+00:00",
"generator": {
"date": "2026-07-19T03:56:13+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.7"
}
},
"id": "RHSA-2026:7387",
"initial_release_date": "2026-04-10T16:03:53+00:00",
"revision_history": [
{
"date": "2026-04-10T16:03:53+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-18T05:32:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-19T03:56:13+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs22-main@aarch64",
"product": {
"name": "nodejs22-main@aarch64",
"product_id": "nodejs22-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22@22.22.0-1.3.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs22-main@src",
"product": {
"name": "nodejs22-main@src",
"product_id": "nodejs22-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22@22.22.0-1.3.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs22-main@x86_64",
"product": {
"name": "nodejs22-main@x86_64",
"product_id": "nodejs22-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22@22.22.0-1.3.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs22-main@noarch",
"product": {
"name": "nodejs22-main@noarch",
"product_id": "nodejs22-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs22-bin@22.22.0-1.3.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nodejs22-main@aarch64"
},
"product_reference": "nodejs22-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nodejs22-main@noarch"
},
"product_reference": "nodejs22-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nodejs22-main@src"
},
"product_reference": "nodejs22-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs22-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nodejs22-main@x86_64"
},
"product_reference": "nodejs22-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-55130",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"discovery_date": "2026-01-20T21:03:01.083023+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431352"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in Node.js\u2019s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files. This breaks the expected isolation guarantees and enables arbitrary file read/write.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Nodejs file permissions bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55130"
},
{
"category": "external",
"summary": "RHBZ#2431352",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431352"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55130",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55130"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55130",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55130"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases"
}
],
"release_date": "2026-01-20T20:41:55.393000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T16:03:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7387"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Nodejs file permissions bypass"
},
{
"cve": "CVE-2025-55131",
"cwe": {
"id": "CWE-497",
"name": "Exposure of Sensitive System Information to an Unauthorized Control Sphere"
},
"discovery_date": "2026-01-20T21:02:45.759578+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431350"
}
],
"notes": [
{
"category": "description",
"text": "A memory exposure flaw has been discovered in Node.js. A flaw in Node.js\u0027s buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the `vm` module with the timeout option. Under specific timing conditions, buffers allocated with `Buffer.alloc` and other `TypedArray` instances like `Uint8Array` may contain leftover data from previous operations, allowing in-process secrets like tokens or passwords to leak or causing data corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Nodejs uninitialized memory exposure",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55131"
},
{
"category": "external",
"summary": "RHBZ#2431350",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431350"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55131",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55131"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55131",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55131"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases"
}
],
"release_date": "2026-01-20T20:41:55.591000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T16:03:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7387"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Nodejs uninitialized memory exposure"
},
{
"cve": "CVE-2025-55132",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"discovery_date": "2026-01-20T21:01:12.192484+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431338"
}
],
"notes": [
{
"category": "description",
"text": "A file access flaw has been discovered in NodeJS. A file\u0027s access and modification timestamps to be changed via `futimes()` even when the process has only read permissions. Unlike `utimes()`, `futimes()` does not apply the expected write-permission checks, which means file metadata can be modified in read-only directories. This behavior could be used to alter timestamps in ways that obscure activity, reducing the reliability of logs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Nodejs filesystem permissions bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-55132"
},
{
"category": "external",
"summary": "RHBZ#2431338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431338"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-55132",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-55132"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-55132",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55132"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases"
}
],
"release_date": "2026-01-20T20:41:55.620000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T16:03:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7387"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Nodejs filesystem permissions bypass"
},
{
"cve": "CVE-2025-59464",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-20T21:01:52.581156+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431344"
}
],
"notes": [
{
"category": "description",
"text": "A resource consumption flaw has been discovered in NodeJS. A memory leak in Node.js\u2019s OpenSSL integration occurs when converting `X.509` certificate fields to UTF-8 without freeing the allocated buffer. When applications call `socket.getPeerCertificate(true)`, each certificate field leaks memory, allowing remote clients to trigger steady memory growth through repeated TLS connections. Over time this can lead to resource exhaustion and denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Nodejs memory leak",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59464"
},
{
"category": "external",
"summary": "RHBZ#2431344",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431344"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59464",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59464"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59464",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59464"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases"
}
],
"release_date": "2026-01-20T20:41:55.599000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T16:03:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7387"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Nodejs memory leak"
},
{
"cve": "CVE-2025-59465",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2026-01-20T21:02:37.799525+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431349"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service flaw has been discovered in NodeJS. A malformed `HTTP/2 HEADERS` frame with oversized, invalid `HPACK` data can cause Node.js to crash by triggering an unhandled `TLSSocket` error `ECONNRESET`. Instead of safely closing the connection, the process crashes, enabling a remote denial of service. This primarily affects applications that do not attach explicit error handlers to secure sockets",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Nodejs denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59465"
},
{
"category": "external",
"summary": "RHBZ#2431349",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431349"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59465"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59465",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59465"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases"
}
],
"release_date": "2026-01-20T20:41:55.317000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T16:03:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7387"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Nodejs denial of service"
},
{
"cve": "CVE-2025-59466",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-20T21:01:46.025710+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431343"
}
],
"notes": [
{
"category": "description",
"text": "A stack overflow flaw has been discovered in Node.js error handling where \"Maximum call stack size exceeded\" errors become uncatchable when `async_hooks.createHook()` is enabled. Instead of reaching `process.on(\u0027uncaughtException\u0027)`, the process terminates, making the crash unrecoverable. Applications that rely on `AsyncLocalStorage` (v22, v20) or `async_hooks.createHook()` (v24, v22, v20) become vulnerable to denial-of-service crashes triggered by deep recursion under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Nodejs denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw requires that the experimental Async hook feature is enabled for use in NodeJS. This feature is not enabled by default on Red Hat systems.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-59466"
},
{
"category": "external",
"summary": "RHBZ#2431343",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431343"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-59466",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59466"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-59466",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59466"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases"
}
],
"release_date": "2026-01-20T20:41:55.628000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T16:03:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7387"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Nodejs denial of service"
},
{
"cve": "CVE-2026-21636",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"discovery_date": "2026-01-20T21:01:41.174266+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431342"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in Node.js\u0027s permission model allows Unix Domain Socket (UDS) connections to bypass network restrictions when `--permission` is enabled. Even without `--allow-net`, attacker-controlled inputs (such as URLs or socketPath options) can connect to arbitrary local sockets via net, tls, or undici/fetch. This breaks the intended security boundary of the permission model and enables access to privileged local services, potentially leading to privilege escalation, data exposure, or local code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Nodejs network segmentation bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21636"
},
{
"category": "external",
"summary": "RHBZ#2431342",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431342"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21636",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21636"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21636",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21636"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases"
}
],
"release_date": "2026-01-20T20:41:55.700000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T16:03:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7387"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Nodejs network segmentation bypass"
},
{
"cve": "CVE-2026-21637",
"cwe": {
"id": "CWE-248",
"name": "Uncaught Exception"
},
"discovery_date": "2026-01-20T21:01:26.738343+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431340"
}
],
"notes": [
{
"category": "description",
"text": "A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. This vulnerability affects TLS servers using PSK or ALPN callbacks across Node.js versions where these callbacks throw without being safely wrapped.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Nodejs denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Systems configured according to Red Hat guidelines should have their services set to restart in the event of a process crash. This Host system service management mitigates the availability impact to Red Hat customers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21637"
},
{
"category": "external",
"summary": "RHBZ#2431340",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431340"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21637",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21637"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21637",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21637"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/december-2025-security-releases"
}
],
"release_date": "2026-01-20T20:41:55.352000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T16:03:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7387"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Nodejs denial of service"
},
{
"cve": "CVE-2026-21716",
"cwe": {
"id": "CWE-279",
"name": "Incorrect Execution-Assigned Permissions"
},
"discovery_date": "2026-03-30T20:01:51.136802+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453157"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. An incomplete security fix allows code operating under restricted file system write permissions to bypass these limitations. This vulnerability enables the modification of file permissions and ownership on already-open files, even when explicit write access is denied. Such a bypass could lead to unauthorized changes to system files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix.",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21716"
},
{
"category": "external",
"summary": "RHBZ#2453157",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453157"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21716",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21716"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21716",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21716"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
}
],
"release_date": "2026-03-30T19:07:28.538000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T16:03:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7387"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs: Node.js: Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix."
},
{
"cve": "CVE-2026-21717",
"cwe": {
"id": "CWE-328",
"name": "Use of Weak Hash"
},
"discovery_date": "2026-03-30T20:02:10.986695+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453162"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in V8\u0027s string hashing mechanism within Node.js. A remote attacker can exploit this vulnerability by crafting requests containing integer-like strings. These specially crafted strings cause predictable hash collisions in V8\u0027s internal string table, particularly when processed by functions like JSON.parse() on attacker-controlled input. This can significantly degrade the performance of the Node.js process, leading to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: v8: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-21717"
},
{
"category": "external",
"summary": "RHBZ#2453162",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453162"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-21717",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21717"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-21717",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-21717"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/march-2026-security-releases"
}
],
"release_date": "2026-03-30T19:07:28.415000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T16:03:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7387"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: v8: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions"
},
{
"cve": "CVE-2026-45149",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-05-29T21:02:00.092772+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483481"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the brace-expansion library. This vulnerability allows an attacker to cause a Denial of Service (DoS) by providing a large numeric range for expansion. The library allocates excessive memory to generate all intermediate elements before applying the maximum limit, leading to high memory consumption and potential application crashes. This can impact the availability of systems using the library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "brace-expansion: brace-expansion: Denial of Service due to excessive memory allocation when expanding large numeric ranges",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat products ship brace-expansion versions 1.x and 2.x, which are not affected by this vulnerability. The flaw exists only in versions 5.0.0 through 5.0.5.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-45149"
},
{
"category": "external",
"summary": "RHBZ#2483481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483481"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-45149",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45149"
},
{
"category": "external",
"summary": "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-jxxr-4gwj-5jf2",
"url": "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-jxxr-4gwj-5jf2"
}
],
"release_date": "2026-05-29T19:55:07.337000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-10T16:03:53+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7387"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs22-main@aarch64",
"Red Hat Hardened Images:nodejs22-main@noarch",
"Red Hat Hardened Images:nodejs22-main@src",
"Red Hat Hardened Images:nodejs22-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "brace-expansion: brace-expansion: Denial of Service due to excessive memory allocation when expanding large numeric ranges"
}
]
}
RHSA-2026:7634
Vulnerability from csaf_redhat - Published: 2026-04-11 00:15 - Updated: 2026-07-19 17:54A flaw was found in llvm. A local attacker could exploit a stack-based buffer overflow vulnerability in the `llvm::StringMap::insert` function. This manipulation could lead to a denial of service, making the affected system or application unavailable.
CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:llvm-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:llvm-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:llvm-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:llvm-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in llvm. A local attacker could exploit a heap-based buffer overflow vulnerability in the GCRelocateInst::getBasePtr function within the Bitcode File Handler component. This flaw could lead to a denial of service, making the affected system unavailable.
CWE-805 - Buffer Access with Incorrect Length Value| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:llvm-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:llvm-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:llvm-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:llvm-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:llvm-main@aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:llvm-main@noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:llvm-main@src | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Hardened Images:llvm-main@x86_64 | — |
Vendor Fix
fix
|
A flaw was found in the brace-expansion library. This vulnerability allows an attacker to cause a Denial of Service (DoS) by providing a large numeric range for expansion. The library allocates excessive memory to generate all intermediate elements before applying the maximum limit, leading to high memory consumption and potential application crashes. This can impact the availability of systems using the library.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:llvm-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:llvm-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:llvm-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:llvm-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\nllvm:\n * clang-21.1.8-1.1.hum1 (aarch64, x86_64)\n * clang-analyzer-21.1.8-1.1.hum1 (aarch64, x86_64)\n * clang-devel-21.1.8-1.1.hum1 (aarch64, x86_64)\n * clang-libs-21.1.8-1.1.hum1 (aarch64, x86_64)\n * clang-resource-filesystem-21.1.8-1.1.hum1 (aarch64, x86_64)\n * clang-tools-extra-21.1.8-1.1.hum1 (aarch64, x86_64)\n * clang-tools-extra-devel-21.1.8-1.1.hum1 (aarch64, x86_64)\n * compiler-rt-21.1.8-1.1.hum1 (aarch64, x86_64)\n * git-clang-format-21.1.8-1.1.hum1 (aarch64, x86_64)\n * libcxx-21.1.8-1.1.hum1 (aarch64, x86_64)\n * libcxx-devel-21.1.8-1.1.hum1 (aarch64, x86_64)\n * libcxx-static-21.1.8-1.1.hum1 (aarch64, x86_64)\n * libcxxabi-21.1.8-1.1.hum1 (aarch64, x86_64)\n * libcxxabi-devel-21.1.8-1.1.hum1 (aarch64, x86_64)\n * libcxxabi-static-21.1.8-1.1.hum1 (aarch64, x86_64)\n * libomp-21.1.8-1.1.hum1 (aarch64, x86_64)\n * libomp-devel-21.1.8-1.1.hum1 (aarch64, x86_64)\n * lld-21.1.8-1.1.hum1 (aarch64, x86_64)\n * lld-devel-21.1.8-1.1.hum1 (aarch64, x86_64)\n * lld-libs-21.1.8-1.1.hum1 (aarch64, x86_64)\n * lldb-21.1.8-1.1.hum1 (aarch64, x86_64)\n * lldb-devel-21.1.8-1.1.hum1 (aarch64, x86_64)\n * llvm-21.1.8-1.1.hum1 (aarch64, x86_64)\n * llvm-bolt-21.1.8-1.1.hum1 (aarch64, x86_64)\n * llvm-cmake-utils-21.1.8-1.1.hum1 (aarch64, x86_64)\n * llvm-devel-21.1.8-1.1.hum1 (aarch64, x86_64)\n * llvm-doc-21.1.8-1.1.hum1 (noarch)\n * llvm-filesystem-21.1.8-1.1.hum1 (aarch64, x86_64)\n * llvm-googletest-21.1.8-1.1.hum1 (aarch64, x86_64)\n * llvm-libs-21.1.8-1.1.hum1 (aarch64, x86_64)\n * llvm-libunwind-21.1.8-1.1.hum1 (aarch64, x86_64)\n * llvm-libunwind-devel-21.1.8-1.1.hum1 (aarch64, x86_64)\n * llvm-libunwind-static-21.1.8-1.1.hum1 (aarch64, x86_64)\n * llvm-static-21.1.8-1.1.hum1 (aarch64, x86_64)\n * llvm-test-21.1.8-1.1.hum1 (aarch64, x86_64)\n * mlir-21.1.8-1.1.hum1 (aarch64, x86_64)\n * mlir-devel-21.1.8-1.1.hum1 (aarch64, x86_64)\n * mlir-static-21.1.8-1.1.hum1 (aarch64, x86_64)\n * polly-21.1.8-1.1.hum1 (aarch64, x86_64)\n * polly-devel-21.1.8-1.1.hum1 (aarch64, x86_64)\n * python3-clang-21.1.8-1.1.hum1 (aarch64, x86_64)\n * python3-lit-21.1.8-1.1.hum1 (noarch)\n * python3-lldb-21.1.8-1.1.hum1 (aarch64, x86_64)\n * python3-mlir-21.1.8-1.1.hum1 (aarch64, x86_64)\n * llvm-21.1.8-1.1.hum1.src (src)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7634",
"url": "https://access.redhat.com/errata/RHSA-2026:7634"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-45149",
"url": "https://access.redhat.com/security/cve/CVE-2026-45149"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44432",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-13573",
"url": "https://access.redhat.com/security/cve/CVE-2026-13573"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-13574",
"url": "https://access.redhat.com/security/cve/CVE-2026-13574"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7634.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-07-19T17:54:51+00:00",
"generator": {
"date": "2026-07-19T17:54:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.7"
}
},
"id": "RHSA-2026:7634",
"initial_release_date": "2026-04-11T00:15:28+00:00",
"revision_history": [
{
"date": "2026-04-11T00:15:28+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-18T05:32:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-19T17:54:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "llvm-main@aarch64",
"product": {
"name": "llvm-main@aarch64",
"product_id": "llvm-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/clang@21.1.8-1.1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "llvm-main@x86_64",
"product": {
"name": "llvm-main@x86_64",
"product_id": "llvm-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/clang@21.1.8-1.1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "llvm-main@src",
"product": {
"name": "llvm-main@src",
"product_id": "llvm-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/llvm@21.1.8-1.1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "llvm-main@noarch",
"product": {
"name": "llvm-main@noarch",
"product_id": "llvm-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/llvm-doc@21.1.8-1.1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "llvm-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:llvm-main@aarch64"
},
"product_reference": "llvm-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "llvm-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:llvm-main@noarch"
},
"product_reference": "llvm-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "llvm-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:llvm-main@src"
},
"product_reference": "llvm-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "llvm-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:llvm-main@x86_64"
},
"product_reference": "llvm-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-13573",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-06-29T15:01:19.470118+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2494424"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in llvm. A local attacker could exploit a stack-based buffer overflow vulnerability in the `llvm::StringMap::insert` function. This manipulation could lead to a denial of service, making the affected system or application unavailable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "llvm: llvm: Denial of Service via stack-based buffer overflow in StringMap::insert",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has a Low impact as it requires a local attacker to exploit a stack-based buffer overflow in the `llvm::StringMap::insert` function. Successful exploitation could lead to a denial of service, affecting the availability of systems utilizing the vulnerable LLVM component. The vulnerability is limited to local access, reducing its overall risk in typical Red Hat deployments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:llvm-main@aarch64",
"Red Hat Hardened Images:llvm-main@noarch",
"Red Hat Hardened Images:llvm-main@src",
"Red Hat Hardened Images:llvm-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-13573"
},
{
"category": "external",
"summary": "RHBZ#2494424",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2494424"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-13573",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-13573"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-13573",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-13573"
},
{
"category": "external",
"summary": "https://github.com/llvm/llvm-project/",
"url": "https://github.com/llvm/llvm-project/"
},
{
"category": "external",
"summary": "https://github.com/llvm/llvm-project/issues/199187",
"url": "https://github.com/llvm/llvm-project/issues/199187"
},
{
"category": "external",
"summary": "https://github.com/user-attachments/files/28141697/poc.zip",
"url": "https://github.com/user-attachments/files/28141697/poc.zip"
},
{
"category": "external",
"summary": "https://vuldb.com/cve/CVE-2026-13573",
"url": "https://vuldb.com/cve/CVE-2026-13573"
},
{
"category": "external",
"summary": "https://vuldb.com/submit/844457",
"url": "https://vuldb.com/submit/844457"
},
{
"category": "external",
"summary": "https://vuldb.com/vuln/374581",
"url": "https://vuldb.com/vuln/374581"
},
{
"category": "external",
"summary": "https://vuldb.com/vuln/374581/cti",
"url": "https://vuldb.com/vuln/374581/cti"
}
],
"release_date": "2026-06-29T14:00:09.309000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-11T00:15:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:llvm-main@aarch64",
"Red Hat Hardened Images:llvm-main@noarch",
"Red Hat Hardened Images:llvm-main@src",
"Red Hat Hardened Images:llvm-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7634"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:llvm-main@aarch64",
"Red Hat Hardened Images:llvm-main@noarch",
"Red Hat Hardened Images:llvm-main@src",
"Red Hat Hardened Images:llvm-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:llvm-main@aarch64",
"Red Hat Hardened Images:llvm-main@noarch",
"Red Hat Hardened Images:llvm-main@src",
"Red Hat Hardened Images:llvm-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "llvm: llvm: Denial of Service via stack-based buffer overflow in StringMap::insert"
},
{
"cve": "CVE-2026-13574",
"cwe": {
"id": "CWE-805",
"name": "Buffer Access with Incorrect Length Value"
},
"discovery_date": "2026-06-29T15:00:56.609872+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2494420"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in llvm. A local attacker could exploit a heap-based buffer overflow vulnerability in the GCRelocateInst::getBasePtr function within the Bitcode File Handler component. This flaw could lead to a denial of service, making the affected system unavailable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "llvm: llvm-project: LLVM: Denial of service via heap-based buffer overflow in Bitcode File Handler",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has a Low impact, as it requires a local attacker to exploit a heap-based buffer overflow in the LLVM Bitcode File Handler. Successful exploitation could lead to a denial of service by making the affected system unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:llvm-main@aarch64",
"Red Hat Hardened Images:llvm-main@noarch",
"Red Hat Hardened Images:llvm-main@src",
"Red Hat Hardened Images:llvm-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-13574"
},
{
"category": "external",
"summary": "RHBZ#2494420",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2494420"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-13574",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-13574"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-13574",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-13574"
},
{
"category": "external",
"summary": "https://github.com/llvm/llvm-project/",
"url": "https://github.com/llvm/llvm-project/"
},
{
"category": "external",
"summary": "https://github.com/llvm/llvm-project/issues/199191",
"url": "https://github.com/llvm/llvm-project/issues/199191"
},
{
"category": "external",
"summary": "https://github.com/user-attachments/files/28142619/poc.zip",
"url": "https://github.com/user-attachments/files/28142619/poc.zip"
},
{
"category": "external",
"summary": "https://vuldb.com/cve/CVE-2026-13574",
"url": "https://vuldb.com/cve/CVE-2026-13574"
},
{
"category": "external",
"summary": "https://vuldb.com/submit/844468",
"url": "https://vuldb.com/submit/844468"
},
{
"category": "external",
"summary": "https://vuldb.com/vuln/374582",
"url": "https://vuldb.com/vuln/374582"
},
{
"category": "external",
"summary": "https://vuldb.com/vuln/374582/cti",
"url": "https://vuldb.com/vuln/374582/cti"
}
],
"release_date": "2026-06-29T14:15:09.190000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-11T00:15:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:llvm-main@aarch64",
"Red Hat Hardened Images:llvm-main@noarch",
"Red Hat Hardened Images:llvm-main@src",
"Red Hat Hardened Images:llvm-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7634"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:llvm-main@aarch64",
"Red Hat Hardened Images:llvm-main@noarch",
"Red Hat Hardened Images:llvm-main@src",
"Red Hat Hardened Images:llvm-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "llvm: llvm-project: LLVM: Denial of service via heap-based buffer overflow in Bitcode File Handler"
},
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:llvm-main@aarch64",
"Red Hat Hardened Images:llvm-main@noarch",
"Red Hat Hardened Images:llvm-main@src",
"Red Hat Hardened Images:llvm-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-11T00:15:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:llvm-main@aarch64",
"Red Hat Hardened Images:llvm-main@noarch",
"Red Hat Hardened Images:llvm-main@src",
"Red Hat Hardened Images:llvm-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7634"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:llvm-main@aarch64",
"Red Hat Hardened Images:llvm-main@noarch",
"Red Hat Hardened Images:llvm-main@src",
"Red Hat Hardened Images:llvm-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
},
{
"cve": "CVE-2026-45149",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-05-29T21:02:00.092772+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483481"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the brace-expansion library. This vulnerability allows an attacker to cause a Denial of Service (DoS) by providing a large numeric range for expansion. The library allocates excessive memory to generate all intermediate elements before applying the maximum limit, leading to high memory consumption and potential application crashes. This can impact the availability of systems using the library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "brace-expansion: brace-expansion: Denial of Service due to excessive memory allocation when expanding large numeric ranges",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat products ship brace-expansion versions 1.x and 2.x, which are not affected by this vulnerability. The flaw exists only in versions 5.0.0 through 5.0.5.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:llvm-main@aarch64",
"Red Hat Hardened Images:llvm-main@noarch",
"Red Hat Hardened Images:llvm-main@src",
"Red Hat Hardened Images:llvm-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-45149"
},
{
"category": "external",
"summary": "RHBZ#2483481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483481"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-45149",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45149"
},
{
"category": "external",
"summary": "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-jxxr-4gwj-5jf2",
"url": "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-jxxr-4gwj-5jf2"
}
],
"release_date": "2026-05-29T19:55:07.337000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-11T00:15:28+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:llvm-main@aarch64",
"Red Hat Hardened Images:llvm-main@noarch",
"Red Hat Hardened Images:llvm-main@src",
"Red Hat Hardened Images:llvm-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7634"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:llvm-main@aarch64",
"Red Hat Hardened Images:llvm-main@noarch",
"Red Hat Hardened Images:llvm-main@src",
"Red Hat Hardened Images:llvm-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:llvm-main@aarch64",
"Red Hat Hardened Images:llvm-main@noarch",
"Red Hat Hardened Images:llvm-main@src",
"Red Hat Hardened Images:llvm-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "brace-expansion: brace-expansion: Denial of Service due to excessive memory allocation when expanding large numeric ranges"
}
]
}
RHSA-2026:7655
Vulnerability from csaf_redhat - Published: 2026-04-11 00:49 - Updated: 2026-07-19 06:07A flaw was found in Lodash. An attacker can exploit a prototype pollution vulnerability in the `_.unset` and `_.omit` functions by bypassing a security check. This bypass is achieved by providing array-wrapped path segments, which allows for the deletion of properties from built-in JavaScript prototypes such as `Object.prototype`. This could lead to unexpected application behavior or denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:yarnpkg-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:yarnpkg-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:yarnpkg-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the brace-expansion library. This vulnerability allows an attacker to cause a Denial of Service (DoS) by providing a large numeric range for expansion. The library allocates excessive memory to generate all intermediate elements before applying the maximum limit, leading to high memory consumption and potential application crashes. This can impact the availability of systems using the library.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:yarnpkg-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:yarnpkg-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:yarnpkg-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in ws, an open source WebSocket client and server for Node.js. The `websocket.close()` implementation is vulnerable to uninitialized memory disclosure when a `TypedArray` is passed as the reason argument. This can lead to the disclosure of sensitive information from uninitialized memory.
A flaw was found in js-yaml, a JavaScript YAML parser and dumper. When merge keys are enabled, a remote attacker could exploit this vulnerability by crafting a YAML document where a chain of mappings uses merge keys, each merging the previous one. This can lead to a significant increase in CPU time required to parse the document, resulting in a Denial of Service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:yarnpkg-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:yarnpkg-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:yarnpkg-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in js-yaml, a JavaScript YAML (YAML Ain't Markup Language) parser. An attacker could exploit this by providing a specially crafted YAML ordered-map document. This could lead to excessive CPU consumption, resulting in a denial of service (DoS) for applications processing the malicious YAML input.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:yarnpkg-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:yarnpkg-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:yarnpkg-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\nyarnpkg:\n * yarnpkg-1.22.22-18.1.hum1 (aarch64, x86_64)\n * yarnpkg-1.22.22-18.1.hum1.src (src)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7655",
"url": "https://access.redhat.com/errata/RHSA-2026:7655"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-2950",
"url": "https://access.redhat.com/security/cve/CVE-2026-2950"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-45149",
"url": "https://access.redhat.com/security/cve/CVE-2026-45149"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-45736",
"url": "https://access.redhat.com/security/cve/CVE-2026-45736"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-59870",
"url": "https://access.redhat.com/security/cve/CVE-2026-59870"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-59868",
"url": "https://access.redhat.com/security/cve/CVE-2026-59868"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7655.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-07-19T06:07:17+00:00",
"generator": {
"date": "2026-07-19T06:07:17+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.7"
}
},
"id": "RHSA-2026:7655",
"initial_release_date": "2026-04-11T00:49:50+00:00",
"revision_history": [
{
"date": "2026-04-11T00:49:50+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-18T05:32:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-19T06:07:17+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "yarnpkg-main@aarch64",
"product": {
"name": "yarnpkg-main@aarch64",
"product_id": "yarnpkg-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yarnpkg@1.22.22-18.1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "yarnpkg-main@src",
"product": {
"name": "yarnpkg-main@src",
"product_id": "yarnpkg-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yarnpkg@1.22.22-18.1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "yarnpkg-main@x86_64",
"product": {
"name": "yarnpkg-main@x86_64",
"product_id": "yarnpkg-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/yarnpkg@1.22.22-18.1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "yarnpkg-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:yarnpkg-main@aarch64"
},
"product_reference": "yarnpkg-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yarnpkg-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:yarnpkg-main@src"
},
"product_reference": "yarnpkg-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yarnpkg-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:yarnpkg-main@x86_64"
},
"product_reference": "yarnpkg-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-2950",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-03-31T20:01:38.424064+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453499"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Lodash. An attacker can exploit a prototype pollution vulnerability in the `_.unset` and `_.omit` functions by bypassing a security check. This bypass is achieved by providing array-wrapped path segments, which allows for the deletion of properties from built-in JavaScript prototypes such as `Object.prototype`. This could lead to unexpected application behavior or denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:yarnpkg-main@aarch64",
"Red Hat Hardened Images:yarnpkg-main@src",
"Red Hat Hardened Images:yarnpkg-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2950"
},
{
"category": "external",
"summary": "RHBZ#2453499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453499"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2950"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2950",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2950"
},
{
"category": "external",
"summary": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg",
"url": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg"
}
],
"release_date": "2026-03-31T19:18:35.796000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-11T00:49:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:yarnpkg-main@aarch64",
"Red Hat Hardened Images:yarnpkg-main@src",
"Red Hat Hardened Images:yarnpkg-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7655"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:yarnpkg-main@aarch64",
"Red Hat Hardened Images:yarnpkg-main@src",
"Red Hat Hardened Images:yarnpkg-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:yarnpkg-main@aarch64",
"Red Hat Hardened Images:yarnpkg-main@src",
"Red Hat Hardened Images:yarnpkg-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass"
},
{
"cve": "CVE-2026-45149",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-05-29T21:02:00.092772+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483481"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the brace-expansion library. This vulnerability allows an attacker to cause a Denial of Service (DoS) by providing a large numeric range for expansion. The library allocates excessive memory to generate all intermediate elements before applying the maximum limit, leading to high memory consumption and potential application crashes. This can impact the availability of systems using the library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "brace-expansion: brace-expansion: Denial of Service due to excessive memory allocation when expanding large numeric ranges",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat products ship brace-expansion versions 1.x and 2.x, which are not affected by this vulnerability. The flaw exists only in versions 5.0.0 through 5.0.5.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:yarnpkg-main@aarch64",
"Red Hat Hardened Images:yarnpkg-main@src",
"Red Hat Hardened Images:yarnpkg-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-45149"
},
{
"category": "external",
"summary": "RHBZ#2483481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483481"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-45149",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45149"
},
{
"category": "external",
"summary": "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-jxxr-4gwj-5jf2",
"url": "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-jxxr-4gwj-5jf2"
}
],
"release_date": "2026-05-29T19:55:07.337000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-11T00:49:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:yarnpkg-main@aarch64",
"Red Hat Hardened Images:yarnpkg-main@src",
"Red Hat Hardened Images:yarnpkg-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7655"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:yarnpkg-main@aarch64",
"Red Hat Hardened Images:yarnpkg-main@src",
"Red Hat Hardened Images:yarnpkg-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:yarnpkg-main@aarch64",
"Red Hat Hardened Images:yarnpkg-main@src",
"Red Hat Hardened Images:yarnpkg-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "brace-expansion: brace-expansion: Denial of Service due to excessive memory allocation when expanding large numeric ranges"
},
{
"cve": "CVE-2026-45736",
"cwe": {
"id": "CWE-824",
"name": "Access of Uninitialized Pointer"
},
"discovery_date": "2026-05-15T16:00:55.786944+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477914"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ws, an open source WebSocket client and server for Node.js. The `websocket.close()` implementation is vulnerable to uninitialized memory disclosure when a `TypedArray` is passed as the reason argument. This can lead to the disclosure of sensitive information from uninitialized memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray`",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important vulnerability in the `ws` WebSocket library for Node.js could lead to sensitive information disclosure. The flaw occurs when a `TypedArray` is specifically provided as the `reason` argument to the `websocket.close()` function, potentially exposing uninitialized memory. Red Hat products utilizing this library may be affected if their implementations allow for such a crafted `close()` call.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:yarnpkg-main@aarch64",
"Red Hat Hardened Images:yarnpkg-main@src",
"Red Hat Hardened Images:yarnpkg-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-45736"
},
{
"category": "external",
"summary": "RHBZ#2477914",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477914"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-45736",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45736"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45736",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45736"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086",
"url": "https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/security/advisories/GHSA-58qx-3vcg-4xpx",
"url": "https://github.com/websockets/ws/security/advisories/GHSA-58qx-3vcg-4xpx"
}
],
"release_date": "2026-05-15T14:53:57.263000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-11T00:49:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:yarnpkg-main@aarch64",
"Red Hat Hardened Images:yarnpkg-main@src",
"Red Hat Hardened Images:yarnpkg-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7655"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:yarnpkg-main@aarch64",
"Red Hat Hardened Images:yarnpkg-main@src",
"Red Hat Hardened Images:yarnpkg-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray`"
},
{
"cve": "CVE-2026-59868",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-07-08T16:01:01.825253+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2498114"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in js-yaml, a JavaScript YAML parser and dumper. When merge keys are enabled, a remote attacker could exploit this vulnerability by crafting a YAML document where a chain of mappings uses merge keys, each merging the previous one. This can lead to a significant increase in CPU time required to parse the document, resulting in a Denial of Service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "js-yaml: js-yaml: Denial of Service via quadratic CPU time parsing with merge keys",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "js-yaml versions 5.0.0 through 5.1.x are vulnerable to a denial of service. When merge keys (\u0027\u003c\u003c\u0027) are enabled during YAML parsing, js-yaml re-merges the accumulated mapping into each subsequent mapping in a chain. A document consisting of a linear chain of mappings that each merge the previous one causes quadratic (O(n^2)) CPU consumption relative to input size, even though the document size itself grows only linearly. This can be triggered via yaml.load() on untrusted YAML input that uses merge keys. Fixed in js-yaml 5.2.0.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:yarnpkg-main@aarch64",
"Red Hat Hardened Images:yarnpkg-main@src",
"Red Hat Hardened Images:yarnpkg-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-59868"
},
{
"category": "external",
"summary": "RHBZ#2498114",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2498114"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-59868",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-59868"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-59868",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-59868"
},
{
"category": "external",
"summary": "https://github.com/nodeca/js-yaml/commit/3105455b81dee69e0fd36e09ac0b2ccfdb54adc1",
"url": "https://github.com/nodeca/js-yaml/commit/3105455b81dee69e0fd36e09ac0b2ccfdb54adc1"
},
{
"category": "external",
"summary": "https://github.com/nodeca/js-yaml/releases/tag/5.2.0",
"url": "https://github.com/nodeca/js-yaml/releases/tag/5.2.0"
},
{
"category": "external",
"summary": "https://github.com/nodeca/js-yaml/security/advisories/GHSA-g796-fgmg-93mv",
"url": "https://github.com/nodeca/js-yaml/security/advisories/GHSA-g796-fgmg-93mv"
}
],
"release_date": "2026-07-08T15:18:19.422000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-11T00:49:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:yarnpkg-main@aarch64",
"Red Hat Hardened Images:yarnpkg-main@src",
"Red Hat Hardened Images:yarnpkg-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7655"
},
{
"category": "workaround",
"details": "Upgrade to js-yaml 5.2.0 or later. Where an immediate upgrade is not possible, avoid parsing untrusted YAML documents that use merge keys (\u0027\u003c\u003c\u0027), or apply size and time limits when parsing untrusted YAML input.",
"product_ids": [
"Red Hat Hardened Images:yarnpkg-main@aarch64",
"Red Hat Hardened Images:yarnpkg-main@src",
"Red Hat Hardened Images:yarnpkg-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:yarnpkg-main@aarch64",
"Red Hat Hardened Images:yarnpkg-main@src",
"Red Hat Hardened Images:yarnpkg-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "js-yaml: js-yaml: Denial of Service via quadratic CPU time parsing with merge keys"
},
{
"cve": "CVE-2026-59870",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-07-08T16:02:04.944023+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2498130"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in js-yaml, a JavaScript YAML (YAML Ain\u0027t Markup Language) parser. An attacker could exploit this by providing a specially crafted YAML ordered-map document. This could lead to excessive CPU consumption, resulting in a denial of service (DoS) for applications processing the malicious YAML input.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "js-yaml: js-yaml: Denial of Service via crafted YAML ordered-map document",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "js-yaml versions 5.0.0 through 5.2.0 are vulnerable to a denial of service via the omapTag.addItem() O(n^2) duplicate-key scan when parsing crafted YAML ordered-map documents with the YAML11_SCHEMA. This affects yaml.load() calls using that schema. Fixed in 5.2.1.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:yarnpkg-main@aarch64",
"Red Hat Hardened Images:yarnpkg-main@src",
"Red Hat Hardened Images:yarnpkg-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-59870"
},
{
"category": "external",
"summary": "RHBZ#2498130",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2498130"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-59870",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-59870"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-59870",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-59870"
},
{
"category": "external",
"summary": "https://github.com/nodeca/js-yaml/commit/39f3211a2f01b3c6982710cf21434ab7060acefe",
"url": "https://github.com/nodeca/js-yaml/commit/39f3211a2f01b3c6982710cf21434ab7060acefe"
},
{
"category": "external",
"summary": "https://github.com/nodeca/js-yaml/releases/tag/5.2.1",
"url": "https://github.com/nodeca/js-yaml/releases/tag/5.2.1"
},
{
"category": "external",
"summary": "https://github.com/nodeca/js-yaml/security/advisories/GHSA-724g-mxrg-4qvm",
"url": "https://github.com/nodeca/js-yaml/security/advisories/GHSA-724g-mxrg-4qvm"
}
],
"release_date": "2026-07-08T15:13:20.308000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-11T00:49:50+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:yarnpkg-main@aarch64",
"Red Hat Hardened Images:yarnpkg-main@src",
"Red Hat Hardened Images:yarnpkg-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7655"
},
{
"category": "workaround",
"details": "Avoid using the YAML11_SCHEMA when parsing untrusted YAML input, or upgrade to js-yaml 5.2.1 or later. Applications using the default schema (CORE_SCHEMA) are not affected.",
"product_ids": [
"Red Hat Hardened Images:yarnpkg-main@aarch64",
"Red Hat Hardened Images:yarnpkg-main@src",
"Red Hat Hardened Images:yarnpkg-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:yarnpkg-main@aarch64",
"Red Hat Hardened Images:yarnpkg-main@src",
"Red Hat Hardened Images:yarnpkg-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "js-yaml: js-yaml: Denial of Service via crafted YAML ordered-map document"
}
]
}
RHSA-2026:9455
Vulnerability from csaf_redhat - Published: 2026-04-21 17:31 - Updated: 2026-07-19 06:05A flaw was found in Lodash. An attacker can exploit a prototype pollution vulnerability in the `_.unset` and `_.omit` functions by bypassing a security check. This bypass is achieved by providing array-wrapped path segments, which allows for the deletion of properties from built-in JavaScript prototypes such as `Object.prototype`. This could lead to unexpected application behavior or denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the brace-expansion library. This vulnerability allows an attacker to cause a Denial of Service (DoS) by providing a large numeric range for expansion. The library allocates excessive memory to generate all intermediate elements before applying the maximum limit, leading to high memory consumption and potential application crashes. This can impact the availability of systems using the library.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs, diagnostics, or other error-consuming mechanisms.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS (Transport Layer Security) hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security boundaries, potentially leading to unauthorized access and confidentiality impact.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. A malicious server can exploit the HTTP/2 client by sending an unlimited number of ORIGIN frames. This can lead to an Out of Memory error on the client, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS (mutual Transport Layer Security) setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive information or integrity compromise within the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. This vulnerability in the TLS (Transport Layer Security) hostname handling allows embedded null characters in hostnames. This can lead to silent authority rebinding, potentially enabling an attacker to redirect network traffic to an unintended server and disclose sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the `subtle.encrypt()` function that is a multiple of 2 gigabytes (GiB). This could lead to a denial of service (DoS) by crashing the Node.js process.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. An attacker can exploit a vulnerability in the Transport Layer Security (TLS) host verification process to bypass certification validation. This bypass could allow an attacker to intercept or alter communications, potentially leading to information disclosure or integrity compromise.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. The Permission API allows a local user to modify file metadata on paths that have been explicitly set as read-only. This can lead to unauthorized changes in file properties, impacting the integrity of the file system.
CWE-279 - Incorrect Execution-Assigned Permissions| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Node.js. The Node.js Permission API can allow a local server to be started through a Unix domain socket, even when the `--allow-net` permission is not explicitly granted. This bypasses intended security restrictions, potentially leading to unintended local network exposure or integrity impact.
CWE-648 - Incorrect Use of Privileged APIs| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in js-yaml, a JavaScript YAML parser and dumper. When merge keys are enabled, a remote attacker could exploit this vulnerability by crafting a YAML document where a chain of mappings uses merge keys, each merging the previous one. This can lead to a significant increase in CPU time required to parse the document, resulting in a Denial of Service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in js-yaml, a JavaScript YAML (YAML Ain't Markup Language) parser. An attacker could exploit this by providing a specially crafted YAML ordered-map document. This could lead to excessive CPU consumption, resulting in a denial of service (DoS) for applications processing the malicious YAML input.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Hardened Images:nodejs20-main@x86_64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for Red Hat Hardened Images RPMs is now available.",
"title": "Topic"
},
{
"category": "general",
"text": "This update includes the following RPMs:\n\nnodejs20:\n * nodejs20-20.20.2-1.hum1 (aarch64, x86_64)\n * nodejs20-bin-20.20.2-1.hum1 (noarch)\n * nodejs20-devel-20.20.2-1.hum1 (aarch64, x86_64)\n * nodejs20-docs-20.20.2-1.hum1 (noarch)\n * nodejs20-full-i18n-20.20.2-1.hum1 (aarch64, x86_64)\n * nodejs20-libs-20.20.2-1.hum1 (aarch64, x86_64)\n * nodejs20-npm-10.8.2-1.20.20.2.1.hum1 (noarch)\n * nodejs20-npm-bin-20.20.2-1.hum1 (noarch)\n * v8-11.3-devel-11.3.244.8-1.20.20.2.1.hum1 (aarch64, x86_64)\n * nodejs20-20.20.2-1.hum1.src (src)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:9455",
"url": "https://access.redhat.com/errata/RHSA-2026:9455"
},
{
"category": "external",
"summary": "https://images.redhat.com/",
"url": "https://images.redhat.com/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-2950",
"url": "https://access.redhat.com/security/cve/CVE-2026-2950"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-45149",
"url": "https://access.redhat.com/security/cve/CVE-2026-45149"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-8723",
"url": "https://access.redhat.com/security/cve/CVE-2026-8723"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48618",
"url": "https://access.redhat.com/security/cve/CVE-2026-48618"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48933",
"url": "https://access.redhat.com/security/cve/CVE-2026-48933"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48615",
"url": "https://access.redhat.com/security/cve/CVE-2026-48615"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48936",
"url": "https://access.redhat.com/security/cve/CVE-2026-48936"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48934",
"url": "https://access.redhat.com/security/cve/CVE-2026-48934"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48928",
"url": "https://access.redhat.com/security/cve/CVE-2026-48928"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48930",
"url": "https://access.redhat.com/security/cve/CVE-2026-48930"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48619",
"url": "https://access.redhat.com/security/cve/CVE-2026-48619"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48935",
"url": "https://access.redhat.com/security/cve/CVE-2026-48935"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-59870",
"url": "https://access.redhat.com/security/cve/CVE-2026-59870"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-59868",
"url": "https://access.redhat.com/security/cve/CVE-2026-59868"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_9455.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
"tracking": {
"current_release_date": "2026-07-19T06:05:16+00:00",
"generator": {
"date": "2026-07-19T06:05:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.7"
}
},
"id": "RHSA-2026:9455",
"initial_release_date": "2026-04-21T17:31:07+00:00",
"revision_history": [
{
"date": "2026-04-21T17:31:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-18T05:32:03+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-19T06:05:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Hardened Images",
"product": {
"name": "Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:hummingbird:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Hardened Images"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs20-main@aarch64",
"product": {
"name": "nodejs20-main@aarch64",
"product_id": "nodejs20-main@aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs20@20.20.2-1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs20-main@src",
"product": {
"name": "nodejs20-main@src",
"product_id": "nodejs20-main@src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs20@20.20.2-1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs20-main@x86_64",
"product": {
"name": "nodejs20-main@x86_64",
"product_id": "nodejs20-main@x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs20@20.20.2-1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "nodejs20-main@noarch",
"product": {
"name": "nodejs20-main@noarch",
"product_id": "nodejs20-main@noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/nodejs20-bin@20.20.2-1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-main@aarch64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nodejs20-main@aarch64"
},
"product_reference": "nodejs20-main@aarch64",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-main@noarch as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nodejs20-main@noarch"
},
"product_reference": "nodejs20-main@noarch",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-main@src as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nodejs20-main@src"
},
"product_reference": "nodejs20-main@src",
"relates_to_product_reference": "Red Hat Hardened Images"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "nodejs20-main@x86_64 as a component of Red Hat Hardened Images",
"product_id": "Red Hat Hardened Images:nodejs20-main@x86_64"
},
"product_reference": "nodejs20-main@x86_64",
"relates_to_product_reference": "Red Hat Hardened Images"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-2950",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-03-31T20:01:38.424064+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453499"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Lodash. An attacker can exploit a prototype pollution vulnerability in the `_.unset` and `_.omit` functions by bypassing a security check. This bypass is achieved by providing array-wrapped path segments, which allows for the deletion of properties from built-in JavaScript prototypes such as `Object.prototype`. This could lead to unexpected application behavior or denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2950"
},
{
"category": "external",
"summary": "RHBZ#2453499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453499"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2950"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2950",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2950"
},
{
"category": "external",
"summary": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg",
"url": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg"
}
],
"release_date": "2026-03-31T19:18:35.796000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:31:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9455"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass"
},
{
"cve": "CVE-2026-45149",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-05-29T21:02:00.092772+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2483481"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the brace-expansion library. This vulnerability allows an attacker to cause a Denial of Service (DoS) by providing a large numeric range for expansion. The library allocates excessive memory to generate all intermediate elements before applying the maximum limit, leading to high memory consumption and potential application crashes. This can impact the availability of systems using the library.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "brace-expansion: brace-expansion: Denial of Service due to excessive memory allocation when expanding large numeric ranges",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat products ship brace-expansion versions 1.x and 2.x, which are not affected by this vulnerability. The flaw exists only in versions 5.0.0 through 5.0.5.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-45149"
},
{
"category": "external",
"summary": "RHBZ#2483481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2483481"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-45149",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45149"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45149",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45149"
},
{
"category": "external",
"summary": "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-jxxr-4gwj-5jf2",
"url": "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-jxxr-4gwj-5jf2"
}
],
"release_date": "2026-05-29T19:55:07.337000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:31:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9455"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "brace-expansion: brace-expansion: Denial of Service due to excessive memory allocation when expanding large numeric ranges"
},
{
"cve": "CVE-2026-48615",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"discovery_date": "2026-06-26T02:01:59.112093+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493335"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. When proxy credentials are embedded in a proxy URL, an issue in the proxy tunnel error handling can lead to the exposure of these credentials. This information disclosure vulnerability allows an attacker to potentially capture sensitive proxy credentials through logs, diagnostics, or other error-consuming mechanisms.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48615"
},
{
"category": "external",
"summary": "RHBZ#2493335",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493335"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48615",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48615"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48615",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48615"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.524000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:31:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9455"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Information disclosure of proxy credentials via proxy tunnel error handling"
},
{
"cve": "CVE-2026-48618",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-06-26T02:02:10.741725+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493337"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. This flaw involves a mismatch in how Node.js handles TLS (Transport Layer Security) hostnames and unicode dot separators during authentication. This mismatch can lead to a wildcard-depth authentication bypass. An attacker could exploit this to bypass intended security boundaries, potentially leading to unauthorized access and confidentiality impact.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in Node.js allows for a TLS wildcard-depth authentication bypass due to a mismatch in how hostnames and unicode dot separators are handled during authentication. This could enable an attacker to circumvent security boundaries, potentially leading to unauthorized access and compromise of sensitive information in applications utilizing Node.js for TLS connections. The issue affects Node.js versions 22, 24, and 26 as shipped in Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48618"
},
{
"category": "external",
"summary": "RHBZ#2493337",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493337"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48618",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48618"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48618",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48618"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.868000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:31:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9455"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js: Authentication bypass due to TLS hostname handling and unicode dot separator mismatch"
},
{
"cve": "CVE-2026-48619",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-26T02:01:06.466413+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493325"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. A malicious server can exploit the HTTP/2 client by sending an unlimited number of ORIGIN frames. This can lead to an Out of Memory error on the client, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Moderate flaw in the Node.js HTTP/2 client can lead to a denial of service. A malicious server could exploit this by sending an excessive number of ORIGIN frames, causing the client to consume all available memory. This affects Red Hat products utilizing Node.js as an HTTP/2 client.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48619"
},
{
"category": "external",
"summary": "RHBZ#2493325",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493325"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48619",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48619"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48619",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48619"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.541000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:31:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9455"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Denial of Service via unlimited HTTP/2 ORIGIN frames"
},
{
"cve": "CVE-2026-48928",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"discovery_date": "2026-06-26T02:01:48.441706+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493333"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS (mutual Transport Layer Security) setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive information or integrity compromise within the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48928"
},
{
"category": "external",
"summary": "RHBZ#2493333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493333"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48928",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48928"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48928",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48928"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.981000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:31:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9455"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency"
},
{
"cve": "CVE-2026-48930",
"cwe": {
"id": "CWE-170",
"name": "Improper Null Termination"
},
"discovery_date": "2026-06-26T02:01:11.476251+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493326"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. This vulnerability in the TLS (Transport Layer Security) hostname handling allows embedded null characters in hostnames. This can lead to silent authority rebinding, potentially enabling an attacker to redirect network traffic to an unintended server and disclose sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48930"
},
{
"category": "external",
"summary": "RHBZ#2493326",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493326"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48930",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48930"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48930",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48930"
},
{
"category": "external",
"summary": "https://github.com/nodejs/node/commit/7dafafa2424710ded8b77eb7c878e884c1aef64e",
"url": "https://github.com/nodejs/node/commit/7dafafa2424710ded8b77eb7c878e884c1aef64e"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/3656716",
"url": "https://hackerone.com/reports/3656716"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:37.006000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:31:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9455"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Silent authority rebinding due to embedded-nul hostnames in TLS handling"
},
{
"cve": "CVE-2026-48933",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-26T02:01:39.107538+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493331"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the `subtle.encrypt()` function that is a multiple of 2 gigabytes (GiB). This could lead to a denial of service (DoS) by crashing the Node.js process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in Node.js WebCrypto, as a remote attacker can crash the Node.js process by providing a specially crafted large input to the `subtle.encrypt()` function. This could lead to service unavailability in Red Hat environments where Node.js applications process untrusted data with WebCrypto.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48933"
},
{
"category": "external",
"summary": "RHBZ#2493331",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493331"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48933",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48933"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48933",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48933"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.823000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:31:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9455"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()"
},
{
"cve": "CVE-2026-48934",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-06-26T02:01:43.284771+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493332"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. An attacker can exploit a vulnerability in the Transport Layer Security (TLS) host verification process to bypass certification validation. This bypass could allow an attacker to intercept or alter communications, potentially leading to information disclosure or integrity compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Certification validation bypass in TLS host verification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48934"
},
{
"category": "external",
"summary": "RHBZ#2493332",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493332"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48934",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48934"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48934",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48934"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.894000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:31:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9455"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nodejs: Node.js: Certification validation bypass in TLS host verification"
},
{
"cve": "CVE-2026-48935",
"cwe": {
"id": "CWE-279",
"name": "Incorrect Execution-Assigned Permissions"
},
"discovery_date": "2026-06-26T02:01:29.191932+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493329"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. The Permission API allows a local user to modify file metadata on paths that have been explicitly set as read-only. This can lead to unauthorized changes in file properties, impacting the integrity of the file system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Unauthorized file metadata modification",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48935"
},
{
"category": "external",
"summary": "RHBZ#2493329",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493329"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48935",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48935"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48935",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48935"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.641000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:31:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9455"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs: Node.js: Unauthorized file metadata modification"
},
{
"cve": "CVE-2026-48936",
"cwe": {
"id": "CWE-648",
"name": "Incorrect Use of Privileged APIs"
},
"discovery_date": "2026-06-26T02:02:04.921691+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2493336"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Node.js. The Node.js Permission API can allow a local server to be started through a Unix domain socket, even when the `--allow-net` permission is not explicitly granted. This bypasses intended security restrictions, potentially leading to unintended local network exposure or integrity impact.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nodejs: Node.js: Local server can be started without network permission via Permission API flaw",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48936"
},
{
"category": "external",
"summary": "RHBZ#2493336",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2493336"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48936",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48936"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48936",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48936"
},
{
"category": "external",
"summary": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases",
"url": "https://nodejs.org/en/blog/vulnerability/june-2026-security-releases"
}
],
"release_date": "2026-06-26T01:14:36.878000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:31:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9455"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "nodejs: Node.js: Local server can be started without network permission via Permission API flaw"
},
{
"cve": "CVE-2026-59868",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-07-08T16:01:01.825253+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2498114"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in js-yaml, a JavaScript YAML parser and dumper. When merge keys are enabled, a remote attacker could exploit this vulnerability by crafting a YAML document where a chain of mappings uses merge keys, each merging the previous one. This can lead to a significant increase in CPU time required to parse the document, resulting in a Denial of Service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "js-yaml: js-yaml: Denial of Service via quadratic CPU time parsing with merge keys",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "js-yaml versions 5.0.0 through 5.1.x are vulnerable to a denial of service. When merge keys (\u0027\u003c\u003c\u0027) are enabled during YAML parsing, js-yaml re-merges the accumulated mapping into each subsequent mapping in a chain. A document consisting of a linear chain of mappings that each merge the previous one causes quadratic (O(n^2)) CPU consumption relative to input size, even though the document size itself grows only linearly. This can be triggered via yaml.load() on untrusted YAML input that uses merge keys. Fixed in js-yaml 5.2.0.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-59868"
},
{
"category": "external",
"summary": "RHBZ#2498114",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2498114"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-59868",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-59868"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-59868",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-59868"
},
{
"category": "external",
"summary": "https://github.com/nodeca/js-yaml/commit/3105455b81dee69e0fd36e09ac0b2ccfdb54adc1",
"url": "https://github.com/nodeca/js-yaml/commit/3105455b81dee69e0fd36e09ac0b2ccfdb54adc1"
},
{
"category": "external",
"summary": "https://github.com/nodeca/js-yaml/releases/tag/5.2.0",
"url": "https://github.com/nodeca/js-yaml/releases/tag/5.2.0"
},
{
"category": "external",
"summary": "https://github.com/nodeca/js-yaml/security/advisories/GHSA-g796-fgmg-93mv",
"url": "https://github.com/nodeca/js-yaml/security/advisories/GHSA-g796-fgmg-93mv"
}
],
"release_date": "2026-07-08T15:18:19.422000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:31:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9455"
},
{
"category": "workaround",
"details": "Upgrade to js-yaml 5.2.0 or later. Where an immediate upgrade is not possible, avoid parsing untrusted YAML documents that use merge keys (\u0027\u003c\u003c\u0027), or apply size and time limits when parsing untrusted YAML input.",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "js-yaml: js-yaml: Denial of Service via quadratic CPU time parsing with merge keys"
},
{
"cve": "CVE-2026-59870",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-07-08T16:02:04.944023+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2498130"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in js-yaml, a JavaScript YAML (YAML Ain\u0027t Markup Language) parser. An attacker could exploit this by providing a specially crafted YAML ordered-map document. This could lead to excessive CPU consumption, resulting in a denial of service (DoS) for applications processing the malicious YAML input.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "js-yaml: js-yaml: Denial of Service via crafted YAML ordered-map document",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "js-yaml versions 5.0.0 through 5.2.0 are vulnerable to a denial of service via the omapTag.addItem() O(n^2) duplicate-key scan when parsing crafted YAML ordered-map documents with the YAML11_SCHEMA. This affects yaml.load() calls using that schema. Fixed in 5.2.1.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-59870"
},
{
"category": "external",
"summary": "RHBZ#2498130",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2498130"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-59870",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-59870"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-59870",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-59870"
},
{
"category": "external",
"summary": "https://github.com/nodeca/js-yaml/commit/39f3211a2f01b3c6982710cf21434ab7060acefe",
"url": "https://github.com/nodeca/js-yaml/commit/39f3211a2f01b3c6982710cf21434ab7060acefe"
},
{
"category": "external",
"summary": "https://github.com/nodeca/js-yaml/releases/tag/5.2.1",
"url": "https://github.com/nodeca/js-yaml/releases/tag/5.2.1"
},
{
"category": "external",
"summary": "https://github.com/nodeca/js-yaml/security/advisories/GHSA-724g-mxrg-4qvm",
"url": "https://github.com/nodeca/js-yaml/security/advisories/GHSA-724g-mxrg-4qvm"
}
],
"release_date": "2026-07-08T15:13:20.308000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-21T17:31:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:9455"
},
{
"category": "workaround",
"details": "Avoid using the YAML11_SCHEMA when parsing untrusted YAML input, or upgrade to js-yaml 5.2.1 or later. Applications using the default schema (CORE_SCHEMA) are not affected.",
"product_ids": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Hardened Images:nodejs20-main@aarch64",
"Red Hat Hardened Images:nodejs20-main@noarch",
"Red Hat Hardened Images:nodejs20-main@src",
"Red Hat Hardened Images:nodejs20-main@x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "js-yaml: js-yaml: Denial of Service via crafted YAML ordered-map document"
}
]
}
ubuntu-cve-2026-45149
Vulnerability from osv_ubuntu
The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0.6, the max option was being applied too late. When expanding a single large numeric range like {1..10000000}, the sequence generation loop generates all 10 million intermediate elements before the max limit is applied With max=10, the output is correctly limited to 10 items, but the process still allocates ~505 MB and spends ~800ms building the full intermediate array. This vulnerability is fixed in 5.0.6.
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "node-brace-expansion",
"binary_version": "1.1.8-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "node-brace-expansion",
"purl": "pkg:deb/ubuntu/node-brace-expansion@1.1.8-1?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.1.8-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "node-brace-expansion",
"binary_version": "1.1.11-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "node-brace-expansion",
"purl": "pkg:deb/ubuntu/node-brace-expansion@1.1.11-1?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.1.8-1",
"1.1.11-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "node-brace-expansion",
"binary_version": "2.0.1-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "node-brace-expansion",
"purl": "pkg:deb/ubuntu/node-brace-expansion@2.0.1-1?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.0.0-1",
"2.0.1-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "node-brace-expansion",
"binary_version": "2.0.1+~1.1.0-1"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "node-brace-expansion",
"purl": "pkg:deb/ubuntu/node-brace-expansion@2.0.1+~1.1.0-1?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.0.1-2",
"2.0.1+~1.1.0-1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "node-brace-expansion",
"binary_version": "2.0.1+~1.1.0-2"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "node-brace-expansion",
"purl": "pkg:deb/ubuntu/node-brace-expansion@2.0.1+~1.1.0-2?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.0.1+~1.1.0-1",
"2.0.1+~1.1.0-2"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "node-brace-expansion",
"binary_version": "2.0.1+~1.1.0-2"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04:LTS",
"name": "node-brace-expansion",
"purl": "pkg:deb/ubuntu/node-brace-expansion@2.0.1+~1.1.0-2?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.0.1+~1.1.0-2"
]
}
],
"aliases": [],
"details": "The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0.6, the max option was being applied too late. When expanding a single large numeric range like {1..10000000}, the sequence generation loop generates all 10 million intermediate elements before the max limit is applied With max=10, the output is correctly limited to 10 items, but the process still allocates ~505 MB and spends ~800ms building the full intermediate array. This vulnerability is fixed in 5.0.6.",
"id": "UBUNTU-CVE-2026-45149",
"modified": "2026-06-05T09:30:14Z",
"published": "2026-05-29T20:16:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-45149"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45149"
},
{
"type": "REPORT",
"url": "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-jxxr-4gwj-5jf2"
}
],
"related": [],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2026-45149"
]
}
WID-SEC-W-2026-1955
Vulnerability from csaf_certbund - Published: 2026-06-16 22:00 - Updated: 2026-06-17 22:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Crucible <4.9.11
Atlassian / Crucible
|
<4.9.11 | ||
|
Atlassian Fisheye <4.9.11
Atlassian / Fisheye
|
<4.9.11 | ||
|
Atlassian Confluence Data Center <9.2.21
Atlassian / Confluence
|
Data Center <9.2.21 | ||
|
Atlassian Confluence Data Center <10.2.13
Atlassian / Confluence
|
Data Center <10.2.13 | ||
|
Atlassian Bitbucket Data Center <10.3.1
Atlassian / Bitbucket
|
Data Center <10.3.1 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket Data Center <9.4.21
Atlassian / Bitbucket
|
Data Center <9.4.21 | ||
|
Atlassian Bitbucket Data Center <10.2.4
Atlassian / Bitbucket
|
Data Center <10.2.4 | ||
|
Atlassian Jira Service Management Data Center and Server <10.3.22
Atlassian / Jira
|
Service Management Data Center and Server <10.3.22 | ||
|
Atlassian Jira Service Management Data Center and Server <11.3.7
Atlassian / Jira
|
Service Management Data Center and Server <11.3.7 | ||
|
Atlassian Bamboo Data Center <12.1.8
Atlassian / Bamboo
|
Data Center <12.1.8 | ||
|
Atlassian Jira Data Center <10.3.22
Atlassian / Jira
|
Data Center <10.3.22 | ||
|
Atlassian Jira Data Center <11.3.7
Atlassian / Jira
|
Data Center <11.3.7 | ||
|
Atlassian Bamboo Data Center <10.2.20
Atlassian / Bamboo
|
Data Center <10.2.20 |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.\r\nBitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle.\r\nConfluence ist eine kommerzielle Wiki-Software.\r\nFisheye ist ein Quellcode-Repository-Browser f\u00fcr Unternehmensteams. \r\nCrucible ist eine Code-Review-L\u00f6sung f\u00fcr Unternehmensteams.\r\nJira ist eine Webanwendung zur Softwareentwicklung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Atlassian Bamboo, Bitbucket, Confluence, Fisheye, Crucible, Jira und Jira Service Management ausnutzen, um beliebigen Code auszuf\u00fchren, erweiterte Berechtigungen zu erlangen, Sicherheitsma\u00dfnahmen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand auszul\u00f6sen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1955 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1955.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1955 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1955"
},
{
"category": "external",
"summary": "Atlassian Security Bulletin Juni vom 2026-06-16",
"url": "https://confluence.atlassian.com/security/security-bulletin-june-16-2026-1796309326.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:22380 vom 2026-06-18",
"url": "https://access.redhat.com/errata/RHSA-2026:22380"
}
],
"source_lang": "en-US",
"title": "Atlassian Bamboo, Bitbucket, Confluence, Fisheye, Crucible, Jira und Jira Service Management: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-06-17T22:00:00.000+00:00",
"generator": {
"date": "2026-06-18T07:59:55.017+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1955",
"initial_release_date": "2026-06-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-06-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-06-17T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Data Center \u003c12.1.8",
"product": {
"name": "Atlassian Bamboo Data Center \u003c12.1.8",
"product_id": "T055489"
}
},
{
"category": "product_version",
"name": "Data Center 12.1.8",
"product": {
"name": "Atlassian Bamboo Data Center 12.1.8",
"product_id": "T055489-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:data_center__12.1.8"
}
}
},
{
"category": "product_version_range",
"name": "Data Center \u003c10.2.20",
"product": {
"name": "Atlassian Bamboo Data Center \u003c10.2.20",
"product_id": "T055490"
}
},
{
"category": "product_version",
"name": "Data Center 10.2.20",
"product": {
"name": "Atlassian Bamboo Data Center 10.2.20",
"product_id": "T055490-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:data_center__10.2.20"
}
}
}
],
"category": "product_name",
"name": "Bamboo"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Data Center \u003c10.2.4",
"product": {
"name": "Atlassian Bitbucket Data Center \u003c10.2.4",
"product_id": "T055492"
}
},
{
"category": "product_version",
"name": "Data Center 10.2.4",
"product": {
"name": "Atlassian Bitbucket Data Center 10.2.4",
"product_id": "T055492-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:data_center__10.2.4"
}
}
},
{
"category": "product_version_range",
"name": "Data Center \u003c9.4.21",
"product": {
"name": "Atlassian Bitbucket Data Center \u003c9.4.21",
"product_id": "T055493"
}
},
{
"category": "product_version",
"name": "Data Center 9.4.21",
"product": {
"name": "Atlassian Bitbucket Data Center 9.4.21",
"product_id": "T055493-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:data_center__9.4.21"
}
}
},
{
"category": "product_version_range",
"name": "Data Center \u003c10.3.1",
"product": {
"name": "Atlassian Bitbucket Data Center \u003c10.3.1",
"product_id": "T055494"
}
},
{
"category": "product_version",
"name": "Data Center 10.3.1",
"product": {
"name": "Atlassian Bitbucket Data Center 10.3.1",
"product_id": "T055494-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:data_center__10.3.1"
}
}
}
],
"category": "product_name",
"name": "Bitbucket"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Data Center \u003c10.2.13",
"product": {
"name": "Atlassian Confluence Data Center \u003c10.2.13",
"product_id": "T055495"
}
},
{
"category": "product_version",
"name": "Data Center 10.2.13",
"product": {
"name": "Atlassian Confluence Data Center 10.2.13",
"product_id": "T055495-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:data_center__10.2.13"
}
}
},
{
"category": "product_version_range",
"name": "Data Center \u003c9.2.21",
"product": {
"name": "Atlassian Confluence Data Center \u003c9.2.21",
"product_id": "T055496"
}
},
{
"category": "product_version",
"name": "Data Center 9.2.21",
"product": {
"name": "Atlassian Confluence Data Center 9.2.21",
"product_id": "T055496-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:data_center__9.2.21"
}
}
}
],
"category": "product_name",
"name": "Confluence"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.9.11",
"product": {
"name": "Atlassian Crucible \u003c4.9.11",
"product_id": "T055498"
}
},
{
"category": "product_version",
"name": "4.9.11",
"product": {
"name": "Atlassian Crucible 4.9.11",
"product_id": "T055498-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:crucible:4.9.11"
}
}
}
],
"category": "product_name",
"name": "Crucible"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.9.11",
"product": {
"name": "Atlassian Fisheye \u003c4.9.11",
"product_id": "T055497"
}
},
{
"category": "product_version",
"name": "4.9.11",
"product": {
"name": "Atlassian Fisheye 4.9.11",
"product_id": "T055497-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:fisheye:4.9.11"
}
}
}
],
"category": "product_name",
"name": "Fisheye"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Data Center \u003c11.3.7",
"product": {
"name": "Atlassian Jira Data Center \u003c11.3.7",
"product_id": "T055499"
}
},
{
"category": "product_version",
"name": "Data Center 11.3.7",
"product": {
"name": "Atlassian Jira Data Center 11.3.7",
"product_id": "T055499-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira:data_center__11.3.7"
}
}
},
{
"category": "product_version_range",
"name": "Data Center \u003c10.3.22",
"product": {
"name": "Atlassian Jira Data Center \u003c10.3.22",
"product_id": "T055500"
}
},
{
"category": "product_version",
"name": "Data Center 10.3.22",
"product": {
"name": "Atlassian Jira Data Center 10.3.22",
"product_id": "T055500-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira:data_center__10.3.22"
}
}
},
{
"category": "product_version_range",
"name": "Service Management Data Center and Server \u003c11.3.7",
"product": {
"name": "Atlassian Jira Service Management Data Center and Server \u003c11.3.7",
"product_id": "T055501"
}
},
{
"category": "product_version",
"name": "Service Management Data Center and Server 11.3.7",
"product": {
"name": "Atlassian Jira Service Management Data Center and Server 11.3.7",
"product_id": "T055501-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira:service_management_data_center_and_server__11.3.7"
}
}
},
{
"category": "product_version_range",
"name": "Service Management Data Center and Server \u003c10.3.22",
"product": {
"name": "Atlassian Jira Service Management Data Center and Server \u003c10.3.22",
"product_id": "T055502"
}
},
{
"category": "product_version",
"name": "Service Management Data Center and Server 10.3.22",
"product": {
"name": "Atlassian Jira Service Management Data Center and Server 10.3.22",
"product_id": "T055502-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira:service_management_data_center_and_server__10.3.22"
}
}
}
],
"category": "product_name",
"name": "Jira"
}
],
"category": "vendor",
"name": "Atlassian"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-11272",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2019-11272"
},
{
"cve": "CVE-2021-3803",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2021-3803"
},
{
"cve": "CVE-2022-1471",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2022-1471"
},
{
"cve": "CVE-2022-22965",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2022-22965"
},
{
"cve": "CVE-2022-22978",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2022-22978"
},
{
"cve": "CVE-2022-31692",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2022-31692"
},
{
"cve": "CVE-2024-22257",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2024-22257"
},
{
"cve": "CVE-2025-22228",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2025-22228"
},
{
"cve": "CVE-2026-22732",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-22732"
},
{
"cve": "CVE-2026-24734",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-24734"
},
{
"cve": "CVE-2026-26996",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-26996"
},
{
"cve": "CVE-2026-27903",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-27903"
},
{
"cve": "CVE-2026-27904",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-27904"
},
{
"cve": "CVE-2026-29129",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-29129"
},
{
"cve": "CVE-2026-33870",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-33870"
},
{
"cve": "CVE-2026-33871",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-33871"
},
{
"cve": "CVE-2026-34077",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-34077"
},
{
"cve": "CVE-2026-34486",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-34486"
},
{
"cve": "CVE-2026-34487",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-34487"
},
{
"cve": "CVE-2026-40175",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-40175"
},
{
"cve": "CVE-2026-41044",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-41044"
},
{
"cve": "CVE-2026-41284",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-41284"
},
{
"cve": "CVE-2026-41293",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-41293"
},
{
"cve": "CVE-2026-42033",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-42033"
},
{
"cve": "CVE-2026-42035",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-42035"
},
{
"cve": "CVE-2026-42038",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-42038"
},
{
"cve": "CVE-2026-42043",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-42043"
},
{
"cve": "CVE-2026-42198",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-42198"
},
{
"cve": "CVE-2026-42211",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-42211"
},
{
"cve": "CVE-2026-42264",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-42264"
},
{
"cve": "CVE-2026-42342",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-42342"
},
{
"cve": "CVE-2026-42498",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-42498"
},
{
"cve": "CVE-2026-42579",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-42579"
},
{
"cve": "CVE-2026-42581",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-42581"
},
{
"cve": "CVE-2026-42583",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-42583"
},
{
"cve": "CVE-2026-42584",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-42584"
},
{
"cve": "CVE-2026-42585",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-42585"
},
{
"cve": "CVE-2026-42587",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-42587"
},
{
"cve": "CVE-2026-43512",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-43512"
},
{
"cve": "CVE-2026-43513",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-43513"
},
{
"cve": "CVE-2026-43515",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-43515"
},
{
"cve": "CVE-2026-44486",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-44486"
},
{
"cve": "CVE-2026-44487",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-44487"
},
{
"cve": "CVE-2026-44488",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-44488"
},
{
"cve": "CVE-2026-44492",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-44492"
},
{
"cve": "CVE-2026-44495",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-44495"
},
{
"cve": "CVE-2026-44496",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-44496"
},
{
"cve": "CVE-2026-45149",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-45149"
},
{
"cve": "CVE-2026-45736",
"product_status": {
"known_affected": [
"T055498",
"T055497",
"T055496",
"T055495",
"T055494",
"67646",
"T055493",
"T055492",
"T055502",
"T055501",
"T055489",
"T055500",
"T055499",
"T055490"
]
},
"release_date": "2026-06-16T22:00:00.000+00:00",
"title": "CVE-2026-45736"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.