Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-31988 (GCVE-0-2026-31988)
Vulnerability from cvelistv5 – Published: 2026-03-11 22:58 – Updated: 2026-03-12 13:40
VLAI
EPSS
Title
yauzl 3.2.0 - Denial of Service via Off-by-One Error in NTFS Timestamp Parser
Summary
yauzl (aka Yet Another Unzip Library) version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within the getLastModDate() function. The while loop condition checks cursor < data.length + 4 instead of cursor + 4 <= data.length, allowing readUInt16LE() to read past the buffer boundary. A remote attacker can cause a denial of service (process crash via ERR_OUT_OF_RANGE exception) by sending a crafted zip file with a malformed NTFS extra field. This affects any Node.js application that processes zip file uploads and calls entry.getLastModDate() on parsed entries. Fixed in version 3.2.1.
Severity
5.3 (Medium)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-193 - Off-by-one Error
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/thejoshwolfe/yauzl/commit/c469… | patch |
| https://www.codeant.ai/security-research/yauzl-de… | third-party-advisory |
| https://www.npmjs.com/package/yauzl | product |
| https://www.vulncheck.com/advisories/yauzl-denial… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| thejoshwolfe | yauzl |
Affected:
3.2.0 , < 3.2.1
(semver)
Unaffected: 3.2.1 |
Date Public
2026-02-28 00:00
Credits
CodeAnt AI Code Reviewer
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-31988",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T13:40:48.738159Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T13:40:55.420Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.codeant.ai/security-research/yauzl-denial-of-service-zip-file-crash"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:npm/yauzl",
"product": "yauzl",
"vendor": "thejoshwolfe",
"versions": [
{
"lessThan": "3.2.1",
"status": "affected",
"version": "3.2.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "3.2.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "CodeAnt AI Code Reviewer"
}
],
"datePublic": "2026-02-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "yauzl (aka Yet Another Unzip Library) version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within the getLastModDate() function. The while loop condition checks cursor \u003c data.length + 4 instead of cursor + 4 \u003c= data.length, allowing readUInt16LE() to read past the buffer boundary. A remote attacker can cause a denial of service (process crash via ERR_OUT_OF_RANGE exception) by sending a crafted zip file with a malformed NTFS extra field. This affects any Node.js application that processes zip file uploads and calls entry.getLastModDate() on parsed entries. Fixed in version 3.2.1."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "Off-by-one Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T22:58:48.863Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/thejoshwolfe/yauzl/commit/c4695215b05c6adffda613b9051a2a85429b33fe"
},
{
"name": "CodeAnt AI Security Research Advisory",
"tags": [
"third-party-advisory"
],
"url": "https://www.codeant.ai/security-research/yauzl-denial-of-service-zip-file-crash"
},
{
"name": "npm - yauzl",
"tags": [
"product"
],
"url": "https://www.npmjs.com/package/yauzl"
},
{
"name": "VulnCheck Advisory: yauzl 3.2.0 - Denial of Service via Off-by-One Error in NTFS Timestamp Parser",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/yauzl-denial-of-service-via-off-by-one-error-in-ntfs-timestamp-parser"
}
],
"title": "yauzl 3.2.0 - Denial of Service via Off-by-One Error in NTFS Timestamp Parser",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-31988",
"datePublished": "2026-03-11T22:58:48.863Z",
"dateReserved": "2026-03-10T19:48:11.109Z",
"dateUpdated": "2026-03-12T13:40:55.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-31988",
"date": "2026-06-10",
"epss": "0.00152",
"percentile": "0.3558"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-31988\",\"sourceIdentifier\":\"disclosure@vulncheck.com\",\"published\":\"2026-03-11T23:16:00.530\",\"lastModified\":\"2026-04-15T14:56:45.970\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"yauzl (aka Yet Another Unzip Library) version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within the getLastModDate() function. The while loop condition checks cursor \u003c data.length + 4 instead of cursor + 4 \u003c= data.length, allowing readUInt16LE() to read past the buffer boundary. A remote attacker can cause a denial of service (process crash via ERR_OUT_OF_RANGE exception) by sending a crafted zip file with a malformed NTFS extra field. This affects any Node.js application that processes zip file uploads and calls entry.getLastModDate() on parsed entries. Fixed in version 3.2.1.\"},{\"lang\":\"es\",\"value\":\"yauzl (tambi\u00e9n conocida como Yet Another Unzip Library) versi\u00f3n 3.2.0 para Node.js contiene un error de off-by-one en el analizador del campo extra de marca de tiempo extendida NTFS dentro de la funci\u00f3n getLastModDate(). La condici\u00f3n del bucle \u0027while\u0027 comprueba cursor \u0026lt; data.length + 4 en lugar de cursor + 4 \u0026lt;= data.length, permitiendo que readUInt16LE() lea m\u00e1s all\u00e1 del l\u00edmite del b\u00fafer. Un atacante remoto puede causar una denegaci\u00f3n de servicio (ca\u00edda del proceso a trav\u00e9s de una excepci\u00f3n ERR_OUT_OF_RANGE) al enviar un archivo zip manipulado con un campo extra NTFS malformado. Esto afecta a cualquier aplicaci\u00f3n Node.js que procesa cargas de archivos zip y llama a entry.getLastModDate() en las entradas analizadas. Corregido en la versi\u00f3n 3.2.1.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"disclosure@vulncheck.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-193\"}]}],\"references\":[{\"url\":\"https://github.com/thejoshwolfe/yauzl/commit/c4695215b05c6adffda613b9051a2a85429b33fe\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://www.codeant.ai/security-research/yauzl-denial-of-service-zip-file-crash\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://www.npmjs.com/package/yauzl\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://www.vulncheck.com/advisories/yauzl-denial-of-service-via-off-by-one-error-in-ntfs-timestamp-parser\",\"source\":\"disclosure@vulncheck.com\"},{\"url\":\"https://www.codeant.ai/security-research/yauzl-denial-of-service-zip-file-crash\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-31988\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-12T13:40:48.738159Z\"}}}], \"references\": [{\"url\": \"https://www.codeant.ai/security-research/yauzl-denial-of-service-zip-file-crash\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-12T13:40:42.721Z\"}}], \"cna\": {\"title\": \"yauzl 3.2.0 - Denial of Service via Off-by-One Error in NTFS Timestamp Parser\", \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"CodeAnt AI Code Reviewer\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 6.9, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"LOW\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"thejoshwolfe\", \"product\": \"yauzl\", \"versions\": [{\"status\": \"affected\", \"version\": \"3.2.0\", \"lessThan\": \"3.2.1\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"3.2.1\"}], \"packageURL\": \"pkg:npm/yauzl\", \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2026-02-28T00:00:00.000Z\", \"references\": [{\"url\": \"https://github.com/thejoshwolfe/yauzl/commit/c4695215b05c6adffda613b9051a2a85429b33fe\", \"name\": \"Patch Commit\", \"tags\": [\"patch\"]}, {\"url\": \"https://www.codeant.ai/security-research/yauzl-denial-of-service-zip-file-crash\", \"name\": \"CodeAnt AI Security Research Advisory\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://www.npmjs.com/package/yauzl\", \"name\": \"npm - yauzl\", \"tags\": [\"product\"]}, {\"url\": \"https://www.vulncheck.com/advisories/yauzl-denial-of-service-via-off-by-one-error-in-ntfs-timestamp-parser\", \"name\": \"VulnCheck Advisory: yauzl 3.2.0 - Denial of Service via Off-by-One Error in NTFS Timestamp Parser\", \"tags\": [\"third-party-advisory\"]}], \"x_generator\": {\"engine\": \"vulncheck\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"yauzl (aka Yet Another Unzip Library) version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within the getLastModDate() function. The while loop condition checks cursor \u003c data.length + 4 instead of cursor + 4 \u003c= data.length, allowing readUInt16LE() to read past the buffer boundary. A remote attacker can cause a denial of service (process crash via ERR_OUT_OF_RANGE exception) by sending a crafted zip file with a malformed NTFS extra field. This affects any Node.js application that processes zip file uploads and calls entry.getLastModDate() on parsed entries. Fixed in version 3.2.1.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-193\", \"description\": \"Off-by-one Error\"}]}], \"providerMetadata\": {\"orgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"shortName\": \"VulnCheck\", \"dateUpdated\": \"2026-03-11T22:58:48.863Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-31988\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-12T13:40:55.420Z\", \"dateReserved\": \"2026-03-10T19:48:11.109Z\", \"assignerOrgId\": \"83251b91-4cc7-4094-a5c7-464a1b83ea10\", \"datePublished\": \"2026-03-11T22:58:48.863Z\", \"assignerShortName\": \"VulnCheck\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
CERTFR-2026-AVI-0667
Vulnerability from certfr_avis - Published: 2026-05-29 - Updated: 2026-05-29
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Cognos Analytics | Cognos Analytics Mobile versions antérieures à 1.1.26 | ||
| IBM | Sterling Control Center | Sterling Control Center versions 6.3.1.0 sans le correctif iFix09 | ||
| IBM | Tivoli Monitoring | Tivoli Monitoring sans le dernier correctif de sécurité | ||
| IBM | QRadar SIEM | QRadar SIEM versions 7.5.0 antérieures à 7.5.0 UP15 IF03 | ||
| IBM | Sterling Control Center | Sterling Control Center versions 6.4.2.0 sans le correctif iFix04 | ||
| IBM | QRadar Suite Software | QRadar Suite Software versions antérieures à 1.11.11.0 | ||
| IBM | N/A | Analyst Workflow versions antérieures à 3.1.0 | ||
| IBM | Cloud Pak | Cloud Pak for Security versions antérieures à 1.11.11.0 | ||
| IBM | Sterling Control Center | Sterling Control Center versions 6.4.1.0 sans le correctif iFix03 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cognos Analytics Mobile versions ant\u00e9rieures \u00e0 1.1.26",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Control Center versions 6.3.1.0 sans le correctif iFix09",
"product": {
"name": "Sterling Control Center",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Tivoli Monitoring sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Tivoli Monitoring",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.0 ant\u00e9rieures \u00e0 7.5.0 UP15 IF03",
"product": {
"name": "QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Control Center versions 6.4.2.0 sans le correctif iFix04",
"product": {
"name": "Sterling Control Center",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar Suite Software versions ant\u00e9rieures \u00e0 1.11.11.0",
"product": {
"name": "QRadar Suite Software",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Analyst Workflow versions ant\u00e9rieures \u00e0 3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cloud Pak for Security versions ant\u00e9rieures \u00e0 1.11.11.0",
"product": {
"name": "Cloud Pak",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Sterling Control Center versions 6.4.1.0 sans le correctif iFix03",
"product": {
"name": "Sterling Control Center",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-27980",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27980"
},
{
"name": "CVE-2026-35388",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35388"
},
{
"name": "CVE-2006-10003",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-10003"
},
{
"name": "CVE-2026-27135",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27135"
},
{
"name": "CVE-2026-41324",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41324"
},
{
"name": "CVE-2026-40466",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40466"
},
{
"name": "CVE-2026-2229",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2229"
},
{
"name": "CVE-2026-35386",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35386"
},
{
"name": "CVE-2026-32597",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32597"
},
{
"name": "CVE-2025-12816",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12816"
},
{
"name": "CVE-2026-22036",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22036"
},
{
"name": "CVE-2026-31402",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31402"
},
{
"name": "CVE-2025-53643",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-53643"
},
{
"name": "CVE-2025-68741",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68741"
},
{
"name": "CVE-2026-33349",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33349"
},
{
"name": "CVE-2026-34982",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34982"
},
{
"name": "CVE-2026-33940",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33940"
},
{
"name": "CVE-2024-12797",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12797"
},
{
"name": "CVE-2026-40974",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40974"
},
{
"name": "CVE-2026-1527",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1527"
},
{
"name": "CVE-2026-32875",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32875"
},
{
"name": "CVE-2026-31988",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31988"
},
{
"name": "CVE-2024-28102",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28102"
},
{
"name": "CVE-2026-40977",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40977"
},
{
"name": "CVE-2026-22013",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22013"
},
{
"name": "CVE-2026-28421",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28421"
},
{
"name": "CVE-2026-1525",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1525"
},
{
"name": "CVE-2026-22018",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22018"
},
{
"name": "CVE-2026-31431",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31431"
},
{
"name": "CVE-2025-6176",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6176"
},
{
"name": "CVE-2025-11953",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-11953"
},
{
"name": "CVE-2026-23745",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23745"
},
{
"name": "CVE-2025-59471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59471"
},
{
"name": "CVE-2026-33941",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33941"
},
{
"name": "CVE-2026-0848",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0848"
},
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2026-33412",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33412"
},
{
"name": "CVE-2026-5121",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5121"
},
{
"name": "CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"name": "CVE-2026-34282",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34282"
},
{
"name": "CVE-2025-59472",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59472"
},
{
"name": "CVE-2026-2581",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2581"
},
{
"name": "CVE-2021-23337",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23337"
},
{
"name": "CVE-2025-64718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64718"
},
{
"name": "CVE-2026-23401",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23401"
},
{
"name": "CVE-2025-40252",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40252"
},
{
"name": "CVE-2025-66031",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66031"
},
{
"name": "CVE-2025-62718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
},
{
"name": "CVE-2026-21860",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21860"
},
{
"name": "CVE-2026-4800",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4800"
},
{
"name": "CVE-2026-0847",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0847"
},
{
"name": "CVE-2026-4424",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4424"
},
{
"name": "CVE-2025-6545",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6545"
},
{
"name": "CVE-2026-23865",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23865"
},
{
"name": "CVE-2026-28417",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-28417"
},
{
"name": "CVE-2023-5764",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5764"
},
{
"name": "CVE-2026-5598",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5598"
},
{
"name": "CVE-2026-30922",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-30922"
},
{
"name": "CVE-2026-23191",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23191"
},
{
"name": "CVE-2026-2359",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2359"
},
{
"name": "CVE-2026-6918",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6918"
},
{
"name": "CVE-2026-35535",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35535"
},
{
"name": "CVE-2025-68724",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68724"
},
{
"name": "CVE-2026-33939",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33939"
},
{
"name": "CVE-2026-27699",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27699"
},
{
"name": "CVE-2025-65945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-65945"
},
{
"name": "CVE-2026-33228",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33228"
},
{
"name": "CVE-2025-12758",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12758"
},
{
"name": "CVE-2026-40175",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40175"
},
{
"name": "CVE-2026-41044",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41044"
},
{
"name": "CVE-2006-10002",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-10002"
},
{
"name": "CVE-2026-5795",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5795"
},
{
"name": "CVE-2026-40975",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40975"
},
{
"name": "CVE-2026-27942",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27942"
},
{
"name": "CVE-2024-41073",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41073"
},
{
"name": "CVE-2026-26960",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26960"
},
{
"name": "CVE-2025-5187",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5187"
},
{
"name": "CVE-2026-4923",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4923"
},
{
"name": "CVE-2026-4867",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4867"
},
{
"name": "CVE-2024-9902",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9902"
},
{
"name": "CVE-2024-8775",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8775"
},
{
"name": "CVE-2026-27199",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27199"
},
{
"name": "CVE-2026-27903",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27903"
},
{
"name": "CVE-2025-66471",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66471"
},
{
"name": "CVE-2026-21441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21441"
},
{
"name": "CVE-2025-66030",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66030"
},
{
"name": "CVE-2024-11079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11079"
},
{
"name": "CVE-2026-23897",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23897"
},
{
"name": "CVE-2026-35385",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35385"
},
{
"name": "CVE-2026-34601",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34601"
},
{
"name": "CVE-2026-29057",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29057"
},
{
"name": "CVE-2026-32874",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32874"
},
{
"name": "CVE-2026-4519",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4519"
},
{
"name": "CVE-2026-34197",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34197"
},
{
"name": "CVE-2026-25128",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25128"
},
{
"name": "CVE-2025-13333",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13333"
},
{
"name": "CVE-2025-12635",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12635"
},
{
"name": "CVE-2026-24842",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
},
{
"name": "CVE-2025-66221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66221"
},
{
"name": "CVE-2026-23950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23950"
},
{
"name": "CVE-2026-33036",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33036"
},
{
"name": "CVE-2026-35414",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35414"
},
{
"name": "CVE-2026-2950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2950"
},
{
"name": "CVE-2026-3304",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-3304"
},
{
"name": "CVE-2026-33916",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33916"
},
{
"name": "CVE-2026-22016",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22016"
},
{
"name": "CVE-2026-22021",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22021"
},
{
"name": "CVE-2026-6100",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-6100"
},
{
"name": "CVE-2026-22007",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22007"
},
{
"name": "CVE-2026-34268",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34268"
},
{
"name": "CVE-2026-29786",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29786"
},
{
"name": "CVE-2024-29371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29371"
},
{
"name": "CVE-2026-1519",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1519"
},
{
"name": "CVE-2026-1528",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1528"
},
{
"name": "CVE-2023-26132",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26132"
},
{
"name": "CVE-2026-1526",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1526"
},
{
"name": "CVE-2026-33937",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33937"
},
{
"name": "CVE-2026-31808",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31808"
},
{
"name": "CVE-2026-27459",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27459"
},
{
"name": "CVE-2026-25639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25639"
},
{
"name": "CVE-2026-40973",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40973"
},
{
"name": "CVE-2026-39373",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39373"
},
{
"name": "CVE-2026-27448",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27448"
},
{
"name": "CVE-2026-8620",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8620"
},
{
"name": "CVE-2025-69277",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69277"
},
{
"name": "CVE-2026-8633",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-8633"
},
{
"name": "CVE-2026-26278",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26278"
},
{
"name": "CVE-2025-22870",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22870"
},
{
"name": "CVE-2026-23490",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23490"
},
{
"name": "CVE-2025-14009",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14009"
},
{
"name": "CVE-2025-7339",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-7339"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
},
{
"name": "CVE-2026-25896",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25896"
},
{
"name": "CVE-2026-26996",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-26996"
},
{
"name": "CVE-2026-4786",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4786"
},
{
"name": "CVE-2026-33938",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33938"
},
{
"name": "CVE-2025-64756",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-64756"
},
{
"name": "CVE-2026-32141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32141"
},
{
"name": "CVE-2026-30951",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-30951"
},
{
"name": "CVE-2026-35387",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35387"
},
{
"name": "CVE-2026-24001",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24001"
},
{
"name": "CVE-2025-58754",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-58754"
},
{
"name": "CVE-2026-27837",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27837"
},
{
"name": "CVE-2025-6547",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6547"
},
{
"name": "CVE-2026-29063",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-29063"
},
{
"name": "CVE-2026-39983",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-39983"
},
{
"name": "CVE-2026-22008",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22008"
},
{
"name": "CVE-2025-14813",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-14813"
},
{
"name": "CVE-2026-31802",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31802"
},
{
"name": "CVE-2025-13465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
},
{
"name": "CVE-2025-67221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-67221"
},
{
"name": "CVE-2026-4926",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4926"
},
{
"name": "CVE-2026-25547",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-25547"
},
{
"name": "CVE-2026-27904",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27904"
},
{
"name": "CVE-2026-2739",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2739"
},
{
"name": "CVE-2024-56462",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56462"
},
{
"name": "CVE-2026-35213",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35213"
},
{
"name": "CVE-2025-66418",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66418"
},
{
"name": "CVE-2026-0846",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0846"
}
],
"initial_release_date": "2026-05-29T00:00:00",
"last_revision_date": "2026-05-29T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0667",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-05-29T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection SQL (SQLi)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Falsification de requ\u00eates c\u00f4t\u00e9 serveur (SSRF)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2026-05-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7274185",
"url": "https://www.ibm.com/support/pages/node/7274185"
},
{
"published_at": "2026-05-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7274154",
"url": "https://www.ibm.com/support/pages/node/7274154"
},
{
"published_at": "2026-05-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7274180",
"url": "https://www.ibm.com/support/pages/node/7274180"
},
{
"published_at": "2026-05-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7274183",
"url": "https://www.ibm.com/support/pages/node/7274183"
},
{
"published_at": "2026-05-25",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7273957",
"url": "https://www.ibm.com/support/pages/node/7273957"
},
{
"published_at": "2026-05-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7274184",
"url": "https://www.ibm.com/support/pages/node/7274184"
},
{
"published_at": "2026-05-28",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7274314",
"url": "https://www.ibm.com/support/pages/node/7274314"
},
{
"published_at": "2026-05-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7274182",
"url": "https://www.ibm.com/support/pages/node/7274182"
},
{
"published_at": "2026-05-27",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7274181",
"url": "https://www.ibm.com/support/pages/node/7274181"
},
{
"published_at": "2026-05-22",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7273803",
"url": "https://www.ibm.com/support/pages/node/7273803"
},
{
"published_at": "2026-05-22",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7272901",
"url": "https://www.ibm.com/support/pages/node/7272901"
}
]
}
FKIE_CVE-2026-31988
Vulnerability from fkie_nvd - Published: 2026-03-11 23:16 - Updated: 2026-04-15 14:56
Severity
Summary
yauzl (aka Yet Another Unzip Library) version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within the getLastModDate() function. The while loop condition checks cursor < data.length + 4 instead of cursor + 4 <= data.length, allowing readUInt16LE() to read past the buffer boundary. A remote attacker can cause a denial of service (process crash via ERR_OUT_OF_RANGE exception) by sending a crafted zip file with a malformed NTFS extra field. This affects any Node.js application that processes zip file uploads and calls entry.getLastModDate() on parsed entries. Fixed in version 3.2.1.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "yauzl (aka Yet Another Unzip Library) version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within the getLastModDate() function. The while loop condition checks cursor \u003c data.length + 4 instead of cursor + 4 \u003c= data.length, allowing readUInt16LE() to read past the buffer boundary. A remote attacker can cause a denial of service (process crash via ERR_OUT_OF_RANGE exception) by sending a crafted zip file with a malformed NTFS extra field. This affects any Node.js application that processes zip file uploads and calls entry.getLastModDate() on parsed entries. Fixed in version 3.2.1."
},
{
"lang": "es",
"value": "yauzl (tambi\u00e9n conocida como Yet Another Unzip Library) versi\u00f3n 3.2.0 para Node.js contiene un error de off-by-one en el analizador del campo extra de marca de tiempo extendida NTFS dentro de la funci\u00f3n getLastModDate(). La condici\u00f3n del bucle \u0027while\u0027 comprueba cursor \u0026lt; data.length + 4 en lugar de cursor + 4 \u0026lt;= data.length, permitiendo que readUInt16LE() lea m\u00e1s all\u00e1 del l\u00edmite del b\u00fafer. Un atacante remoto puede causar una denegaci\u00f3n de servicio (ca\u00edda del proceso a trav\u00e9s de una excepci\u00f3n ERR_OUT_OF_RANGE) al enviar un archivo zip manipulado con un campo extra NTFS malformado. Esto afecta a cualquier aplicaci\u00f3n Node.js que procesa cargas de archivos zip y llama a entry.getLastModDate() en las entradas analizadas. Corregido en la versi\u00f3n 3.2.1."
}
],
"id": "CVE-2026-31988",
"lastModified": "2026-04-15T14:56:45.970",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "disclosure@vulncheck.com",
"type": "Secondary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "disclosure@vulncheck.com",
"type": "Secondary"
}
]
},
"published": "2026-03-11T23:16:00.530",
"references": [
{
"source": "disclosure@vulncheck.com",
"url": "https://github.com/thejoshwolfe/yauzl/commit/c4695215b05c6adffda613b9051a2a85429b33fe"
},
{
"source": "disclosure@vulncheck.com",
"url": "https://www.codeant.ai/security-research/yauzl-denial-of-service-zip-file-crash"
},
{
"source": "disclosure@vulncheck.com",
"url": "https://www.npmjs.com/package/yauzl"
},
{
"source": "disclosure@vulncheck.com",
"url": "https://www.vulncheck.com/advisories/yauzl-denial-of-service-via-off-by-one-error-in-ntfs-timestamp-parser"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"url": "https://www.codeant.ai/security-research/yauzl-denial-of-service-zip-file-crash"
}
],
"sourceIdentifier": "disclosure@vulncheck.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-193"
}
],
"source": "disclosure@vulncheck.com",
"type": "Secondary"
}
]
}
GHSA-GMQ8-994R-JV83
Vulnerability from github – Published: 2026-03-12 00:31 – Updated: 2026-03-16 12:35
VLAI
Summary
yauzl contains an off-by-one error
Details
yauzl (aka Yet Another Unzip Library) version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within the getLastModDate() function. The while loop condition checks cursor < data.length + 4 instead of cursor + 4 <= data.length, allowing readUInt16LE() to read past the buffer boundary. A remote attacker can cause a denial of service (process crash via ERR_OUT_OF_RANGE exception) by sending a crafted zip file with a malformed NTFS extra field. This affects any Node.js application that processes zip file uploads and calls entry.getLastModDate() on parsed entries. Fixed in version 3.2.1.
Severity
5.3 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "yauzl"
},
"ranges": [
{
"events": [
{
"introduced": "3.2.0"
},
{
"fixed": "3.2.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.2.0"
]
}
],
"aliases": [
"CVE-2026-31988"
],
"database_specific": {
"cwe_ids": [
"CWE-193"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-13T18:58:11Z",
"nvd_published_at": "2026-03-11T23:16:00Z",
"severity": "MODERATE"
},
"details": "yauzl (aka Yet Another Unzip Library) version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within the getLastModDate() function. The while loop condition checks cursor \u003c data.length + 4 instead of cursor + 4 \u003c= data.length, allowing readUInt16LE() to read past the buffer boundary. A remote attacker can cause a denial of service (process crash via ERR_OUT_OF_RANGE exception) by sending a crafted zip file with a malformed NTFS extra field. This affects any Node.js application that processes zip file uploads and calls entry.getLastModDate() on parsed entries. Fixed in version 3.2.1.",
"id": "GHSA-gmq8-994r-jv83",
"modified": "2026-03-16T12:35:31Z",
"published": "2026-03-12T00:31:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31988"
},
{
"type": "WEB",
"url": "https://github.com/thejoshwolfe/yauzl/commit/c4695215b05c6adffda613b9051a2a85429b33fe"
},
{
"type": "PACKAGE",
"url": "https://github.com/thejoshwolfe/yauzl"
},
{
"type": "WEB",
"url": "https://www.codeant.ai/security-research/yauzl-denial-of-service-zip-file-crash"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/package/yauzl"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/yauzl-denial-of-service-via-off-by-one-error-in-ntfs-timestamp-parser"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "yauzl contains an off-by-one error"
}
RHSA-2026:24841
Vulnerability from csaf_redhat - Published: 2026-06-09 14:38 - Updated: 2026-06-09 19:11Summary
Red Hat Security Advisory: Red Hat Developer Hub 1.10.0 release.
Severity
Moderate
Notes
Topic: Red Hat Developer Hub 1.10.0 has been released.
Details: Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in Lodash. An attacker can exploit a prototype pollution vulnerability in the `_.unset` and `_.omit` functions by bypassing a security check. This bypass is achieved by providing array-wrapped path segments, which allows for the deletion of properties from built-in JavaScript prototypes such as `Object.prototype`. This could lead to unexpected application behavior or denial of service.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in path-to-regexp. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request. The issue arises when multiple wildcards are used with parameters in a way that creates a vulnerable regular expression, leading to excessive processing time and system unresponsiveness.
5.9 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in Undici, an HTTP/1.1 client for Node.js. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP response with an unbounded number of links in the decompression chain. This could lead to high CPU usage and excessive memory allocation, resulting in a Denial of Service (DoS) for the affected system.
CWE-770 - Allocation of Resources Without Limits or ThrottlingAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64 | — |
Workaround
|
Threats
Impact
Low
A flaw was found in Underscore.js, a JavaScript utility library. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) attack by providing specially crafted recursive data structures. When these structures are processed by the _.flatten or _.isEqual functions, which lack a depth limit for recursion, a stack overflow occurs. This can make the application unavailable to legitimate users.
5.9 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in yauzl (Yet Another Unzip Library), a component used in Node.js applications for handling zip files. A remote attacker can exploit an error in how the library processes specific timestamp information within a crafted zip file. This can lead to a denial of service (DoS), causing affected applications to crash and become unavailable.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64 | — |
Workaround
|
Threats
Impact
Moderate
An allowlist bypass flaw has been discovered in the npm @backstage/plugin-auth-backend package. Instances that have enabled experimental Dynamic Client Registration or Client ID Metadata Documents and configured allowedRedirectUriPatterns are affected. A specially crafted redirect URI can pass the allowlist validation while resolving to an attacker-controlled host. If a victim approves the resulting OAuth consent request, their authorization code is sent to the attacker, who can exchange it for a valid access token. This requires victim interaction and that one of the experimental features is explicitly enabled, which is not the default.
5.9 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64 | — |
Workaround
|
Threats
Impact
Moderate
A flaw was found in fast-xml-parser. A remote attacker can exploit this vulnerability by providing specially crafted XML input to an application using the affected library. The DocTypeReader component incorrectly processes configuration limits for entity counts and sizes when these limits are explicitly set to zero, bypassing intended restrictions. This oversight allows for unbounded entity expansion, consuming excessive memory and leading to a Denial of Service (DoS) condition, which makes the application unavailable to legitimate users.
5.9 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64 | — |
Vendor Fix
fix
Workaround
|
Known not affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64 | — |
Workaround
|
|
| Unresolved product id: Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64 | — |
Workaround
|
Threats
Impact
Moderate
References
62 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Developer Hub 1.10.0 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Developer Hub (RHDH) is Red Hat\u0027s enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:24841",
"url": "https://access.redhat.com/errata/RHSA-2026:24841"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-22036",
"url": "https://access.redhat.com/security/cve/CVE-2026-22036"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27601",
"url": "https://access.redhat.com/security/cve/CVE-2026-27601"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-2950",
"url": "https://access.redhat.com/security/cve/CVE-2026-2950"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-31988",
"url": "https://access.redhat.com/security/cve/CVE-2026-31988"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-32235",
"url": "https://access.redhat.com/security/cve/CVE-2026-32235"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-33349",
"url": "https://access.redhat.com/security/cve/CVE-2026-33349"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-4923",
"url": "https://access.redhat.com/security/cve/CVE-2026-4923"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh",
"url": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh"
},
{
"category": "external",
"summary": "https://developers.redhat.com/rhdh/overview",
"url": "https://developers.redhat.com/rhdh/overview"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_developer_hub",
"url": "https://docs.redhat.com/en/documentation/red_hat_developer_hub"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHDHBUGS-2870",
"url": "https://issues.redhat.com/browse/RHDHBUGS-2870"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHDHBUGS-2962",
"url": "https://issues.redhat.com/browse/RHDHBUGS-2962"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHDHBUGS-2964",
"url": "https://issues.redhat.com/browse/RHDHBUGS-2964"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHDHBUGS-2965",
"url": "https://issues.redhat.com/browse/RHDHBUGS-2965"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHDHBUGS-2966",
"url": "https://issues.redhat.com/browse/RHDHBUGS-2966"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHDHBUGS-2971",
"url": "https://issues.redhat.com/browse/RHDHBUGS-2971"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/RHDHBUGS-2974",
"url": "https://issues.redhat.com/browse/RHDHBUGS-2974"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_24841.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Developer Hub 1.10.0 release.",
"tracking": {
"current_release_date": "2026-06-09T19:11:29+00:00",
"generator": {
"date": "2026-06-09T19:11:29+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.2"
}
},
"id": "RHSA-2026:24841",
"initial_release_date": "2026-06-09T14:38:34+00:00",
"revision_history": [
{
"date": "2026-06-09T14:38:34+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-09T14:38:36+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-09T19:11:29+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Developer Hub 1.10",
"product": {
"name": "Red Hat Developer Hub 1.10",
"product_id": "Red Hat Developer Hub 1.10",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhdh:1.10::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Developer Hub"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-hub-rhel9@sha256%3Ab99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22?arch=amd64\u0026repository_url=registry.redhat.io/rhdh/rhdh-hub-rhel9\u0026tag=1780930740"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-rhel9-operator@sha256%3Ac290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029?arch=amd64\u0026repository_url=registry.redhat.io/rhdh/rhdh-rhel9-operator\u0026tag=1779927546"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-operator-bundle@sha256%3Ab04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db?arch=amd64\u0026repository_url=registry.redhat.io/rhdh/rhdh-operator-bundle\u0026tag=1780961472"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64 as a component of Red Hat Developer Hub 1.10",
"product_id": "Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64 as a component of Red Hat Developer Hub 1.10",
"product_id": "Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.10"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64 as a component of Red Hat Developer Hub 1.10",
"product_id": "Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.10"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-2950",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-03-31T20:01:38.424064+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453499"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Lodash. An attacker can exploit a prototype pollution vulnerability in the `_.unset` and `_.omit` functions by bypassing a security check. This bypass is achieved by providing array-wrapped path segments, which allows for the deletion of properties from built-in JavaScript prototypes such as `Object.prototype`. This could lead to unexpected application behavior or denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-2950"
},
{
"category": "external",
"summary": "RHBZ#2453499",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453499"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-2950",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-2950"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-2950",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2950"
},
{
"category": "external",
"summary": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg",
"url": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg"
}
],
"release_date": "2026-03-31T19:18:35.796000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-09T14:38:34+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "lodash: Lodash: Prototype pollution allows deletion of built-in prototype properties via array path bypass"
},
{
"cve": "CVE-2026-4923",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-03-26T20:02:52.199458+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451860"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in path-to-regexp. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request. The issue arises when multiple wildcards are used with parameters in a way that creates a vulnerable regular expression, leading to excessive processing time and system unresponsiveness.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "path-to-regexp: path-to-regexp: Denial of Service via specially crafted paths with multiple wildcards",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4923"
},
{
"category": "external",
"summary": "RHBZ#2451860",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451860"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4923",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4923"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4923",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4923"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
}
],
"release_date": "2026-03-26T19:02:00.729000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-09T14:38:34+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "path-to-regexp: path-to-regexp: Denial of Service via specially crafted paths with multiple wildcards"
},
{
"cve": "CVE-2026-22036",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-14T20:01:00.899462+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2429741"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undici, an HTTP/1.1 client for Node.js. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP response with an unbounded number of links in the decompression chain. This could lead to high CPU usage and excessive memory allocation, resulting in a Denial of Service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici: Denial of Service via excessive decompression steps",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. The flaw in Undici, an HTTP/1.1 client for Node.js, allows a remote malicious server to trigger a Denial of Service by sending a specially crafted HTTP response with excessive decompression steps. This can lead to high CPU usage and memory allocation on the client system. Red Hat products utilizing Undici that connect to untrusted external HTTP servers are potentially affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-22036"
},
{
"category": "external",
"summary": "RHBZ#2429741",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429741"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-22036",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22036"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-22036",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22036"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/b04e3cbb569c1596f86c108e9b52c79d8475dcb3",
"url": "https://github.com/nodejs/undici/commit/b04e3cbb569c1596f86c108e9b52c79d8475dcb3"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-h72j-4rw9",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-g9mf-h72j-4rw9"
}
],
"release_date": "2026-01-14T19:07:13.745000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-09T14:38:34+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "undici: Undici: Denial of Service via excessive decompression steps"
},
{
"cve": "CVE-2026-27601",
"cwe": {
"id": "CWE-606",
"name": "Unchecked Input for Loop Condition"
},
"discovery_date": "2026-03-03T23:01:58.011378+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2444247"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Underscore.js, a JavaScript utility library. This vulnerability allows a remote attacker to trigger a Denial of Service (DoS) attack by providing specially crafted recursive data structures. When these structures are processed by the _.flatten or _.isEqual functions, which lack a depth limit for recursion, a stack overflow occurs. This can make the application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Underscore.js: Underscore.js: Denial of Service via recursive data structures in flatten and isEqual functions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27601"
},
{
"category": "external",
"summary": "RHBZ#2444247",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2444247"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27601",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27601"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27601",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27601"
},
{
"category": "external",
"summary": "https://github.com/jashkenas/underscore/commit/411e222eb0ca5d570cc4f6315c02c05b830ed2b4",
"url": "https://github.com/jashkenas/underscore/commit/411e222eb0ca5d570cc4f6315c02c05b830ed2b4"
},
{
"category": "external",
"summary": "https://github.com/jashkenas/underscore/commit/a6e23ae9647461ec33ad9f92a2ecfc220eea0a84",
"url": "https://github.com/jashkenas/underscore/commit/a6e23ae9647461ec33ad9f92a2ecfc220eea0a84"
},
{
"category": "external",
"summary": "https://github.com/jashkenas/underscore/security/advisories/GHSA-qpx9-hpmf-5gmw",
"url": "https://github.com/jashkenas/underscore/security/advisories/GHSA-qpx9-hpmf-5gmw"
}
],
"release_date": "2026-03-03T22:38:38.955000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-09T14:38:34+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24841"
},
{
"category": "workaround",
"details": "To mitigate this issue, applications utilizing Underscore.js should ensure that any processing of untrusted, recursively structured data with `_.flatten` or `_.isEqual` explicitly enforces a finite depth limit. Review application code to identify and modify calls to these functions, adding appropriate depth parameters to prevent stack overflow conditions. Additionally, input validation should be implemented to sanitize untrusted data before it is processed by Underscore.js functions.",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Underscore.js: Underscore.js: Denial of Service via recursive data structures in flatten and isEqual functions"
},
{
"cve": "CVE-2026-31988",
"cwe": {
"id": "CWE-193",
"name": "Off-by-one Error"
},
"discovery_date": "2026-03-12T00:01:15.619385+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2446882"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in yauzl (Yet Another Unzip Library), a component used in Node.js applications for handling zip files. A remote attacker can exploit an error in how the library processes specific timestamp information within a crafted zip file. This can lead to a denial of service (DoS), causing affected applications to crash and become unavailable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "yauzl: yauzl: Denial of Service vulnerability in zip file processing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Moderate: This flaw in yauzl can lead to a denial of service in Node.js applications that process zip file uploads and specifically call `entry.getLastModDate()` on parsed entries. Red Hat products that utilize the affected `yauzl` library in this manner are susceptible to a process crash when handling a specially crafted zip file containing a malformed NTFS extra field.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-31988"
},
{
"category": "external",
"summary": "RHBZ#2446882",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446882"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-31988",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31988"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-31988",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31988"
},
{
"category": "external",
"summary": "https://github.com/thejoshwolfe/yauzl/commit/c4695215b05c6adffda613b9051a2a85429b33fe",
"url": "https://github.com/thejoshwolfe/yauzl/commit/c4695215b05c6adffda613b9051a2a85429b33fe"
},
{
"category": "external",
"summary": "https://www.codeant.ai/security-research/yauzl-denial-of-service-zip-file-crash",
"url": "https://www.codeant.ai/security-research/yauzl-denial-of-service-zip-file-crash"
},
{
"category": "external",
"summary": "https://www.npmjs.com/package/yauzl",
"url": "https://www.npmjs.com/package/yauzl"
},
{
"category": "external",
"summary": "https://www.vulncheck.com/advisories/yauzl-denial-of-service-via-off-by-one-error-in-ntfs-timestamp-parser",
"url": "https://www.vulncheck.com/advisories/yauzl-denial-of-service-via-off-by-one-error-in-ntfs-timestamp-parser"
}
],
"release_date": "2026-03-11T22:58:48.863000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-09T14:38:34+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "yauzl: yauzl: Denial of Service vulnerability in zip file processing"
},
{
"cve": "CVE-2026-32235",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"discovery_date": "2026-03-12T19:01:05.406839+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2447075"
}
],
"notes": [
{
"category": "description",
"text": "An allowlist bypass flaw has been discovered in the npm @backstage/plugin-auth-backend package. Instances that have enabled experimental Dynamic Client Registration or Client ID Metadata Documents and configured allowedRedirectUriPatterns are affected. A specially crafted redirect URI can pass the allowlist validation while resolving to an attacker-controlled host. If a victim approves the resulting OAuth consent request, their authorization code is sent to the attacker, who can exchange it for a valid access token. This requires victim interaction and that one of the experimental features is explicitly enabled, which is not the default.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "@backstage/plugin-auth-backend: @backstage/plugin-auth-backend: OAuth redirect URI allowlist bypass",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-32235"
},
{
"category": "external",
"summary": "RHBZ#2447075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447075"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-32235",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-32235"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-32235",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32235"
},
{
"category": "external",
"summary": "https://github.com/backstage/backstage/security/advisories/GHSA-wqvh-63mv-9w92",
"url": "https://github.com/backstage/backstage/security/advisories/GHSA-wqvh-63mv-9w92"
}
],
"release_date": "2026-03-12T18:35:06.325000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-09T14:38:34+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "@backstage/plugin-auth-backend: @backstage/plugin-auth-backend: OAuth redirect URI allowlist bypass"
},
{
"cve": "CVE-2026-33349",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"discovery_date": "2026-03-24T20:02:32.870828+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2450909"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in fast-xml-parser. A remote attacker can exploit this vulnerability by providing specially crafted XML input to an application using the affected library. The DocTypeReader component incorrectly processes configuration limits for entity counts and sizes when these limits are explicitly set to zero, bypassing intended restrictions. This oversight allows for unbounded entity expansion, consuming excessive memory and leading to a Denial of Service (DoS) condition, which makes the application unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "fast-xml-parser: fast-xml-parser: Denial of Service via unbounded entity expansion due to incorrect configuration limit handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33349"
},
{
"category": "external",
"summary": "RHBZ#2450909",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2450909"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33349",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33349"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33349",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33349"
},
{
"category": "external",
"summary": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/239b64aa1fc5c5455ddebbbb54a187eb68c9fdb7",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/commit/239b64aa1fc5c5455ddebbbb54a187eb68c9fdb7"
},
{
"category": "external",
"summary": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-jp2q-39xq-3w4g",
"url": "https://github.com/NaturalIntelligence/fast-xml-parser/security/advisories/GHSA-jp2q-39xq-3w4g"
}
],
"release_date": "2026-03-24T19:35:47.908000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-09T14:38:34+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:24841"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b99622b2ec913bdf7ad25a7a9919fbf07a6a177548b3f486acf648c533ca4f22_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:b04577fd53315437ef4580af92055fb5238649a5a11e68e264ea1ed70eae79db_amd64",
"Red Hat Developer Hub 1.10:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:c290c8d9d433286ac038022c229b359500b7451a3d3f97c3c50371b6198df029_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "fast-xml-parser: fast-xml-parser: Denial of Service via unbounded entity expansion due to incorrect configuration limit handling"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…