RHSA-2026:7314
Vulnerability from csaf_redhat - Published: 2026-04-09 13:39 - Updated: 2026-04-09 14:38Summary
Red Hat Security Advisory: Red Hat Quay 3.14.7
Severity
Important
Notes
Topic: Red Hat Quay 3.14.7 is now available with bug fixes.
Details: Quay 3.14.7
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.
7.5 (High)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11458
https://access.redhat.com/errata/RHSA-2026:7314
Workaround
To mitigate this issue, disable the $data feature if your application does not require it. If $data must be used, implement strict validation of the input fields that are referenced by the pattern keyword to ensure they contain only expected and safe characters.
A flaw was found in Authlib, a Python library used for creating secure authentication and authorization systems. This vulnerability, known as JWK (JSON Web Key) Header Injection, affects how Authlib verifies digital signatures in JWS (JSON Web Signature) tokens. An attacker can exploit this by creating a specially crafted token that includes their own cryptographic key in the header. When the system attempts to verify this token without a predefined key, it mistakenly uses the attacker's key, allowing them to bypass authentication and gain unauthorized access.
9.1 (Critical)
Vendor Fix
Before applying this update, make sure all previously released errata relevant
to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11458
https://access.redhat.com/errata/RHSA-2026:7314
References
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Quay 3.14.7 is now available with bug fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Quay 3.14.7",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:7314",
"url": "https://access.redhat.com/errata/RHSA-2026:7314"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-69873",
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-27962",
"url": "https://access.redhat.com/security/cve/CVE-2026-27962"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7314.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Quay 3.14.7",
"tracking": {
"current_release_date": "2026-04-09T14:38:19+00:00",
"generator": {
"date": "2026-04-09T14:38:19+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.5"
}
},
"id": "RHSA-2026:7314",
"initial_release_date": "2026-04-09T13:39:27+00:00",
"revision_history": [
{
"date": "2026-04-09T13:39:27+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-04-09T13:39:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-09T14:38:19+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Quay 3.14",
"product": {
"name": "Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:quay:3.14::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat Quay"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:250d48c5e6066940bcfc19d9294c85c05a0137212aec369ec43aba9f8d65f74f_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:250d48c5e6066940bcfc19d9294c85c05a0137212aec369ec43aba9f8d65f74f_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:250d48c5e6066940bcfc19d9294c85c05a0137212aec369ec43aba9f8d65f74f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-bundle@sha256%3A250d48c5e6066940bcfc19d9294c85c05a0137212aec369ec43aba9f8d65f74f?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775242297"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:2ad22e69cbc9e4520336d2c810184943aebb98dbb7dcb839a09c715affe41687_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:2ad22e69cbc9e4520336d2c810184943aebb98dbb7dcb839a09c715affe41687_amd64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:2ad22e69cbc9e4520336d2c810184943aebb98dbb7dcb839a09c715affe41687_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A2ad22e69cbc9e4520336d2c810184943aebb98dbb7dcb839a09c715affe41687?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775224837"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:2915b3d961ac8a528af082803772c04edb5171a4590386935a1912f2718ed060_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:2915b3d961ac8a528af082803772c04edb5171a4590386935a1912f2718ed060_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:2915b3d961ac8a528af082803772c04edb5171a4590386935a1912f2718ed060_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-bundle@sha256%3A2915b3d961ac8a528af082803772c04edb5171a4590386935a1912f2718ed060?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775254008"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6c69e9ffcf29e4769d14d1de2f24ae52231237803804f77907742d7591397201_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6c69e9ffcf29e4769d14d1de2f24ae52231237803804f77907742d7591397201_amd64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6c69e9ffcf29e4769d14d1de2f24ae52231237803804f77907742d7591397201_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A6c69e9ffcf29e4769d14d1de2f24ae52231237803804f77907742d7591397201?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775224758"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c35821e22efa8a22625a725bf8130dc183d235e4f9bb851df082523f90658898_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c35821e22efa8a22625a725bf8130dc183d235e4f9bb851df082523f90658898_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c35821e22efa8a22625a725bf8130dc183d235e4f9bb851df082523f90658898_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Ac35821e22efa8a22625a725bf8130dc183d235e4f9bb851df082523f90658898?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775236401"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:a58b0fd427edece6e7fcfd2246a9f00d14751b7b21f09dcc28cd2f44cdab009b_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:a58b0fd427edece6e7fcfd2246a9f00d14751b7b21f09dcc28cd2f44cdab009b_amd64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:a58b0fd427edece6e7fcfd2246a9f00d14751b7b21f09dcc28cd2f44cdab009b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3Aa58b0fd427edece6e7fcfd2246a9f00d14751b7b21f09dcc28cd2f44cdab009b?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775224786"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:b1b56d8dd5b46faae23d6024411c4f9992a370d10965699608e3358c2f6c66b6_amd64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:b1b56d8dd5b46faae23d6024411c4f9992a370d10965699608e3358c2f6c66b6_amd64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:b1b56d8dd5b46faae23d6024411c4f9992a370d10965699608e3358c2f6c66b6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3Ab1b56d8dd5b46faae23d6024411c4f9992a370d10965699608e3358c2f6c66b6?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775224767"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:fad9d7440c99df5b1227d6581415c4150f3cbcfe2fbae308bd70bdbcb06bdbeb_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:fad9d7440c99df5b1227d6581415c4150f3cbcfe2fbae308bd70bdbcb06bdbeb_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-bundle@sha256:fad9d7440c99df5b1227d6581415c4150f3cbcfe2fbae308bd70bdbcb06bdbeb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-bundle@sha256%3Afad9d7440c99df5b1227d6581415c4150f3cbcfe2fbae308bd70bdbcb06bdbeb?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775516330"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:923655c52a9e78f2185973e42c732c1dec05760e6b790631de658886f14412c9_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:923655c52a9e78f2185973e42c732c1dec05760e6b790631de658886f14412c9_amd64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:923655c52a9e78f2185973e42c732c1dec05760e6b790631de658886f14412c9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A923655c52a9e78f2185973e42c732c1dec05760e6b790631de658886f14412c9?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775256111"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:3f44613559972c360a7e0cfce386ee3d840bc36dcb16175780835d53babe482f_amd64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:3f44613559972c360a7e0cfce386ee3d840bc36dcb16175780835d53babe482f_amd64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:3f44613559972c360a7e0cfce386ee3d840bc36dcb16175780835d53babe482f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A3f44613559972c360a7e0cfce386ee3d840bc36dcb16175780835d53babe482f?arch=amd64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775512163"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b56a52a12c4a430ae3b4d5b4ca0ccd4174f3aab52b1dc507e3e951602b5fcfde_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b56a52a12c4a430ae3b4d5b4ca0ccd4174f3aab52b1dc507e3e951602b5fcfde_arm64",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b56a52a12c4a430ae3b4d5b4ca0ccd4174f3aab52b1dc507e3e951602b5fcfde_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Ab56a52a12c4a430ae3b4d5b4ca0ccd4174f3aab52b1dc507e3e951602b5fcfde?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775224837"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:20938513fd9709176b158553286b615f857e2458cd3515c4f31f585f944a265f_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:20938513fd9709176b158553286b615f857e2458cd3515c4f31f585f944a265f_arm64",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:20938513fd9709176b158553286b615f857e2458cd3515c4f31f585f944a265f_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A20938513fd9709176b158553286b615f857e2458cd3515c4f31f585f944a265f?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775224758"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e5750707f2e4b31acb300dda672c7763b3643391254369c7c1835675dc9637c6_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e5750707f2e4b31acb300dda672c7763b3643391254369c7c1835675dc9637c6_arm64",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e5750707f2e4b31acb300dda672c7763b3643391254369c7c1835675dc9637c6_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Ae5750707f2e4b31acb300dda672c7763b3643391254369c7c1835675dc9637c6?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775236401"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:6ff08f45f119498ac294e216ae39f2385e8b5f1e0e348a3cc7046db87c4947a5_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:6ff08f45f119498ac294e216ae39f2385e8b5f1e0e348a3cc7046db87c4947a5_arm64",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:6ff08f45f119498ac294e216ae39f2385e8b5f1e0e348a3cc7046db87c4947a5_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A6ff08f45f119498ac294e216ae39f2385e8b5f1e0e348a3cc7046db87c4947a5?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775224786"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:2f4708fcb6d33a83959cf9d5733e12910b8f64a5fcf29051fd67803c8b103496_arm64",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:2f4708fcb6d33a83959cf9d5733e12910b8f64a5fcf29051fd67803c8b103496_arm64",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:2f4708fcb6d33a83959cf9d5733e12910b8f64a5fcf29051fd67803c8b103496_arm64",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A2f4708fcb6d33a83959cf9d5733e12910b8f64a5fcf29051fd67803c8b103496?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775224767"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:b5fb433f5bd294782da89cdda2aebf4cd378a6d1cf89d0ffd50b139f39894d54_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:b5fb433f5bd294782da89cdda2aebf4cd378a6d1cf89d0ffd50b139f39894d54_arm64",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:b5fb433f5bd294782da89cdda2aebf4cd378a6d1cf89d0ffd50b139f39894d54_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3Ab5fb433f5bd294782da89cdda2aebf4cd378a6d1cf89d0ffd50b139f39894d54?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775256111"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:01f890a5280ddd4093134dc21578f8a5f06cdade4b9a6d59f31ca8deec8c43c3_arm64",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:01f890a5280ddd4093134dc21578f8a5f06cdade4b9a6d59f31ca8deec8c43c3_arm64",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:01f890a5280ddd4093134dc21578f8a5f06cdade4b9a6d59f31ca8deec8c43c3_arm64",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A01f890a5280ddd4093134dc21578f8a5f06cdade4b9a6d59f31ca8deec8c43c3?arch=arm64\u0026repository_url=registry.redhat.io/quay\u0026tag=1775512163"
}
}
}
],
"category": "architecture",
"name": "arm64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:dbf5e9b12d36813a77908b6d769a82e46771c87492a42844d4a5bf1562308874_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:dbf5e9b12d36813a77908b6d769a82e46771c87492a42844d4a5bf1562308874_ppc64le",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:dbf5e9b12d36813a77908b6d769a82e46771c87492a42844d4a5bf1562308874_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3Adbf5e9b12d36813a77908b6d769a82e46771c87492a42844d4a5bf1562308874?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1775224837"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3818efd3c5bfc2e39819f11323c8075b09a72b4daff70946f8ee231a1dceb6e3_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3818efd3c5bfc2e39819f11323c8075b09a72b4daff70946f8ee231a1dceb6e3_ppc64le",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3818efd3c5bfc2e39819f11323c8075b09a72b4daff70946f8ee231a1dceb6e3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A3818efd3c5bfc2e39819f11323c8075b09a72b4daff70946f8ee231a1dceb6e3?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1775224758"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:92aeb229c424e0335d5f921844b049123153fa07f76c4e03c8cdd9b5476dac61_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:92aeb229c424e0335d5f921844b049123153fa07f76c4e03c8cdd9b5476dac61_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:92aeb229c424e0335d5f921844b049123153fa07f76c4e03c8cdd9b5476dac61_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3A92aeb229c424e0335d5f921844b049123153fa07f76c4e03c8cdd9b5476dac61?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1775236401"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:83d96120338afda38bf9eb59fd514124adeb772619e1457eb07ee242b1e56cc1_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:83d96120338afda38bf9eb59fd514124adeb772619e1457eb07ee242b1e56cc1_ppc64le",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:83d96120338afda38bf9eb59fd514124adeb772619e1457eb07ee242b1e56cc1_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A83d96120338afda38bf9eb59fd514124adeb772619e1457eb07ee242b1e56cc1?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1775224786"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:547aee162884d7561359375f6eada553365072bff6f51b212a228e066172ed1f_ppc64le",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:547aee162884d7561359375f6eada553365072bff6f51b212a228e066172ed1f_ppc64le",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:547aee162884d7561359375f6eada553365072bff6f51b212a228e066172ed1f_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A547aee162884d7561359375f6eada553365072bff6f51b212a228e066172ed1f?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1775224767"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:3aee5e0bd4ae76ffab05c911b71a30e5a5f59eeafd958f4eedf8f48d5c8e2d59_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:3aee5e0bd4ae76ffab05c911b71a30e5a5f59eeafd958f4eedf8f48d5c8e2d59_ppc64le",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:3aee5e0bd4ae76ffab05c911b71a30e5a5f59eeafd958f4eedf8f48d5c8e2d59_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A3aee5e0bd4ae76ffab05c911b71a30e5a5f59eeafd958f4eedf8f48d5c8e2d59?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1775256111"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:5e1a86fac8d2a2a63daccd105780c5a526e26d051ffdd62d4f64c3da6561011b_ppc64le",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:5e1a86fac8d2a2a63daccd105780c5a526e26d051ffdd62d4f64c3da6561011b_ppc64le",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:5e1a86fac8d2a2a63daccd105780c5a526e26d051ffdd62d4f64c3da6561011b_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3A5e1a86fac8d2a2a63daccd105780c5a526e26d051ffdd62d4f64c3da6561011b?arch=ppc64le\u0026repository_url=registry.redhat.io/quay\u0026tag=1775512163"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4f3813bbe0dc9e205dd80a10cf6624dbf85647ab4824f17b7ea7aa8d815923bb_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4f3813bbe0dc9e205dd80a10cf6624dbf85647ab4824f17b7ea7aa8d815923bb_s390x",
"product_id": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4f3813bbe0dc9e205dd80a10cf6624dbf85647ab4824f17b7ea7aa8d815923bb_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-container-security-operator-rhel8@sha256%3A4f3813bbe0dc9e205dd80a10cf6624dbf85647ab4824f17b7ea7aa8d815923bb?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1775224837"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6e721e2b88de017546485b427aeda9115e8596d875f71de7c7c0f95239136402_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6e721e2b88de017546485b427aeda9115e8596d875f71de7c7c0f95239136402_s390x",
"product_id": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6e721e2b88de017546485b427aeda9115e8596d875f71de7c7c0f95239136402_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-bridge-operator-rhel8@sha256%3A6e721e2b88de017546485b427aeda9115e8596d875f71de7c7c0f95239136402?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1775224758"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b3edfd46a42bd6769ee81d620a958b84d4f2bfc3459370abbb6e82ef4fcfc6a2_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b3edfd46a42bd6769ee81d620a958b84d4f2bfc3459370abbb6e82ef4fcfc6a2_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b3edfd46a42bd6769ee81d620a958b84d4f2bfc3459370abbb6e82ef4fcfc6a2_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-qemu-rhcos-rhel8@sha256%3Ab3edfd46a42bd6769ee81d620a958b84d4f2bfc3459370abbb6e82ef4fcfc6a2?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1775236401"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:689af696935a204022de3c25fc5a4095883b90e0604715f500f3bef50f05ed5f_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:689af696935a204022de3c25fc5a4095883b90e0604715f500f3bef50f05ed5f_s390x",
"product_id": "registry.redhat.io/quay/quay-builder-rhel8@sha256:689af696935a204022de3c25fc5a4095883b90e0604715f500f3bef50f05ed5f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-builder-rhel8@sha256%3A689af696935a204022de3c25fc5a4095883b90e0604715f500f3bef50f05ed5f?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1775224786"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/clair-rhel8@sha256:702d3486624a33c0b929547f59a7491f2b9246be5e4d39426ca48a3d2275e6f1_s390x",
"product": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:702d3486624a33c0b929547f59a7491f2b9246be5e4d39426ca48a3d2275e6f1_s390x",
"product_id": "registry.redhat.io/quay/clair-rhel8@sha256:702d3486624a33c0b929547f59a7491f2b9246be5e4d39426ca48a3d2275e6f1_s390x",
"product_identification_helper": {
"purl": "pkg:oci/clair-rhel8@sha256%3A702d3486624a33c0b929547f59a7491f2b9246be5e4d39426ca48a3d2275e6f1?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1775224767"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:33591ec5fcf2e9a1f749e6f37ff6df06a2779f6cc7fb3b19013c47ab782b41f8_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:33591ec5fcf2e9a1f749e6f37ff6df06a2779f6cc7fb3b19013c47ab782b41f8_s390x",
"product_id": "registry.redhat.io/quay/quay-operator-rhel8@sha256:33591ec5fcf2e9a1f749e6f37ff6df06a2779f6cc7fb3b19013c47ab782b41f8_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-operator-rhel8@sha256%3A33591ec5fcf2e9a1f749e6f37ff6df06a2779f6cc7fb3b19013c47ab782b41f8?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1775256111"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/quay/quay-rhel8@sha256:cfc2d2a2638d28ec365e50ddf997dd0fcc8782987ab5987db729e55b8f2c53e5_s390x",
"product": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:cfc2d2a2638d28ec365e50ddf997dd0fcc8782987ab5987db729e55b8f2c53e5_s390x",
"product_id": "registry.redhat.io/quay/quay-rhel8@sha256:cfc2d2a2638d28ec365e50ddf997dd0fcc8782987ab5987db729e55b8f2c53e5_s390x",
"product_identification_helper": {
"purl": "pkg:oci/quay-rhel8@sha256%3Acfc2d2a2638d28ec365e50ddf997dd0fcc8782987ab5987db729e55b8f2c53e5?arch=s390x\u0026repository_url=registry.redhat.io/quay\u0026tag=1775512163"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:2f4708fcb6d33a83959cf9d5733e12910b8f64a5fcf29051fd67803c8b103496_arm64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:2f4708fcb6d33a83959cf9d5733e12910b8f64a5fcf29051fd67803c8b103496_arm64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:2f4708fcb6d33a83959cf9d5733e12910b8f64a5fcf29051fd67803c8b103496_arm64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:547aee162884d7561359375f6eada553365072bff6f51b212a228e066172ed1f_ppc64le as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:547aee162884d7561359375f6eada553365072bff6f51b212a228e066172ed1f_ppc64le"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:547aee162884d7561359375f6eada553365072bff6f51b212a228e066172ed1f_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:702d3486624a33c0b929547f59a7491f2b9246be5e4d39426ca48a3d2275e6f1_s390x as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:702d3486624a33c0b929547f59a7491f2b9246be5e4d39426ca48a3d2275e6f1_s390x"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:702d3486624a33c0b929547f59a7491f2b9246be5e4d39426ca48a3d2275e6f1_s390x",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/clair-rhel8@sha256:b1b56d8dd5b46faae23d6024411c4f9992a370d10965699608e3358c2f6c66b6_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:b1b56d8dd5b46faae23d6024411c4f9992a370d10965699608e3358c2f6c66b6_amd64"
},
"product_reference": "registry.redhat.io/quay/clair-rhel8@sha256:b1b56d8dd5b46faae23d6024411c4f9992a370d10965699608e3358c2f6c66b6_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:2915b3d961ac8a528af082803772c04edb5171a4590386935a1912f2718ed060_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:2915b3d961ac8a528af082803772c04edb5171a4590386935a1912f2718ed060_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:2915b3d961ac8a528af082803772c04edb5171a4590386935a1912f2718ed060_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:20938513fd9709176b158553286b615f857e2458cd3515c4f31f585f944a265f_arm64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:20938513fd9709176b158553286b615f857e2458cd3515c4f31f585f944a265f_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:20938513fd9709176b158553286b615f857e2458cd3515c4f31f585f944a265f_arm64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3818efd3c5bfc2e39819f11323c8075b09a72b4daff70946f8ee231a1dceb6e3_ppc64le as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3818efd3c5bfc2e39819f11323c8075b09a72b4daff70946f8ee231a1dceb6e3_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3818efd3c5bfc2e39819f11323c8075b09a72b4daff70946f8ee231a1dceb6e3_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6c69e9ffcf29e4769d14d1de2f24ae52231237803804f77907742d7591397201_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6c69e9ffcf29e4769d14d1de2f24ae52231237803804f77907742d7591397201_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6c69e9ffcf29e4769d14d1de2f24ae52231237803804f77907742d7591397201_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6e721e2b88de017546485b427aeda9115e8596d875f71de7c7c0f95239136402_s390x as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6e721e2b88de017546485b427aeda9115e8596d875f71de7c7c0f95239136402_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6e721e2b88de017546485b427aeda9115e8596d875f71de7c7c0f95239136402_s390x",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:92aeb229c424e0335d5f921844b049123153fa07f76c4e03c8cdd9b5476dac61_ppc64le as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:92aeb229c424e0335d5f921844b049123153fa07f76c4e03c8cdd9b5476dac61_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:92aeb229c424e0335d5f921844b049123153fa07f76c4e03c8cdd9b5476dac61_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b3edfd46a42bd6769ee81d620a958b84d4f2bfc3459370abbb6e82ef4fcfc6a2_s390x as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b3edfd46a42bd6769ee81d620a958b84d4f2bfc3459370abbb6e82ef4fcfc6a2_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b3edfd46a42bd6769ee81d620a958b84d4f2bfc3459370abbb6e82ef4fcfc6a2_s390x",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c35821e22efa8a22625a725bf8130dc183d235e4f9bb851df082523f90658898_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c35821e22efa8a22625a725bf8130dc183d235e4f9bb851df082523f90658898_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c35821e22efa8a22625a725bf8130dc183d235e4f9bb851df082523f90658898_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e5750707f2e4b31acb300dda672c7763b3643391254369c7c1835675dc9637c6_arm64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e5750707f2e4b31acb300dda672c7763b3643391254369c7c1835675dc9637c6_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e5750707f2e4b31acb300dda672c7763b3643391254369c7c1835675dc9637c6_arm64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:689af696935a204022de3c25fc5a4095883b90e0604715f500f3bef50f05ed5f_s390x as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:689af696935a204022de3c25fc5a4095883b90e0604715f500f3bef50f05ed5f_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:689af696935a204022de3c25fc5a4095883b90e0604715f500f3bef50f05ed5f_s390x",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:6ff08f45f119498ac294e216ae39f2385e8b5f1e0e348a3cc7046db87c4947a5_arm64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:6ff08f45f119498ac294e216ae39f2385e8b5f1e0e348a3cc7046db87c4947a5_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:6ff08f45f119498ac294e216ae39f2385e8b5f1e0e348a3cc7046db87c4947a5_arm64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:83d96120338afda38bf9eb59fd514124adeb772619e1457eb07ee242b1e56cc1_ppc64le as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:83d96120338afda38bf9eb59fd514124adeb772619e1457eb07ee242b1e56cc1_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:83d96120338afda38bf9eb59fd514124adeb772619e1457eb07ee242b1e56cc1_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-builder-rhel8@sha256:a58b0fd427edece6e7fcfd2246a9f00d14751b7b21f09dcc28cd2f44cdab009b_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:a58b0fd427edece6e7fcfd2246a9f00d14751b7b21f09dcc28cd2f44cdab009b_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-builder-rhel8@sha256:a58b0fd427edece6e7fcfd2246a9f00d14751b7b21f09dcc28cd2f44cdab009b_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:250d48c5e6066940bcfc19d9294c85c05a0137212aec369ec43aba9f8d65f74f_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:250d48c5e6066940bcfc19d9294c85c05a0137212aec369ec43aba9f8d65f74f_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:250d48c5e6066940bcfc19d9294c85c05a0137212aec369ec43aba9f8d65f74f_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:2ad22e69cbc9e4520336d2c810184943aebb98dbb7dcb839a09c715affe41687_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:2ad22e69cbc9e4520336d2c810184943aebb98dbb7dcb839a09c715affe41687_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:2ad22e69cbc9e4520336d2c810184943aebb98dbb7dcb839a09c715affe41687_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4f3813bbe0dc9e205dd80a10cf6624dbf85647ab4824f17b7ea7aa8d815923bb_s390x as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4f3813bbe0dc9e205dd80a10cf6624dbf85647ab4824f17b7ea7aa8d815923bb_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4f3813bbe0dc9e205dd80a10cf6624dbf85647ab4824f17b7ea7aa8d815923bb_s390x",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b56a52a12c4a430ae3b4d5b4ca0ccd4174f3aab52b1dc507e3e951602b5fcfde_arm64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b56a52a12c4a430ae3b4d5b4ca0ccd4174f3aab52b1dc507e3e951602b5fcfde_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b56a52a12c4a430ae3b4d5b4ca0ccd4174f3aab52b1dc507e3e951602b5fcfde_arm64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:dbf5e9b12d36813a77908b6d769a82e46771c87492a42844d4a5bf1562308874_ppc64le as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:dbf5e9b12d36813a77908b6d769a82e46771c87492a42844d4a5bf1562308874_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:dbf5e9b12d36813a77908b6d769a82e46771c87492a42844d4a5bf1562308874_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-bundle@sha256:fad9d7440c99df5b1227d6581415c4150f3cbcfe2fbae308bd70bdbcb06bdbeb_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:fad9d7440c99df5b1227d6581415c4150f3cbcfe2fbae308bd70bdbcb06bdbeb_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-bundle@sha256:fad9d7440c99df5b1227d6581415c4150f3cbcfe2fbae308bd70bdbcb06bdbeb_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:33591ec5fcf2e9a1f749e6f37ff6df06a2779f6cc7fb3b19013c47ab782b41f8_s390x as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:33591ec5fcf2e9a1f749e6f37ff6df06a2779f6cc7fb3b19013c47ab782b41f8_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:33591ec5fcf2e9a1f749e6f37ff6df06a2779f6cc7fb3b19013c47ab782b41f8_s390x",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:3aee5e0bd4ae76ffab05c911b71a30e5a5f59eeafd958f4eedf8f48d5c8e2d59_ppc64le as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:3aee5e0bd4ae76ffab05c911b71a30e5a5f59eeafd958f4eedf8f48d5c8e2d59_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:3aee5e0bd4ae76ffab05c911b71a30e5a5f59eeafd958f4eedf8f48d5c8e2d59_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:923655c52a9e78f2185973e42c732c1dec05760e6b790631de658886f14412c9_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:923655c52a9e78f2185973e42c732c1dec05760e6b790631de658886f14412c9_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:923655c52a9e78f2185973e42c732c1dec05760e6b790631de658886f14412c9_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-operator-rhel8@sha256:b5fb433f5bd294782da89cdda2aebf4cd378a6d1cf89d0ffd50b139f39894d54_arm64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:b5fb433f5bd294782da89cdda2aebf4cd378a6d1cf89d0ffd50b139f39894d54_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-operator-rhel8@sha256:b5fb433f5bd294782da89cdda2aebf4cd378a6d1cf89d0ffd50b139f39894d54_arm64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:01f890a5280ddd4093134dc21578f8a5f06cdade4b9a6d59f31ca8deec8c43c3_arm64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:01f890a5280ddd4093134dc21578f8a5f06cdade4b9a6d59f31ca8deec8c43c3_arm64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:01f890a5280ddd4093134dc21578f8a5f06cdade4b9a6d59f31ca8deec8c43c3_arm64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:3f44613559972c360a7e0cfce386ee3d840bc36dcb16175780835d53babe482f_amd64 as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:3f44613559972c360a7e0cfce386ee3d840bc36dcb16175780835d53babe482f_amd64"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:3f44613559972c360a7e0cfce386ee3d840bc36dcb16175780835d53babe482f_amd64",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:5e1a86fac8d2a2a63daccd105780c5a526e26d051ffdd62d4f64c3da6561011b_ppc64le as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:5e1a86fac8d2a2a63daccd105780c5a526e26d051ffdd62d4f64c3da6561011b_ppc64le"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:5e1a86fac8d2a2a63daccd105780c5a526e26d051ffdd62d4f64c3da6561011b_ppc64le",
"relates_to_product_reference": "Red Hat Quay 3.14"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/quay/quay-rhel8@sha256:cfc2d2a2638d28ec365e50ddf997dd0fcc8782987ab5987db729e55b8f2c53e5_s390x as a component of Red Hat Quay 3.14",
"product_id": "Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:cfc2d2a2638d28ec365e50ddf997dd0fcc8782987ab5987db729e55b8f2c53e5_s390x"
},
"product_reference": "registry.redhat.io/quay/quay-rhel8@sha256:cfc2d2a2638d28ec365e50ddf997dd0fcc8782987ab5987db729e55b8f2c53e5_s390x",
"relates_to_product_reference": "Red Hat Quay 3.14"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-69873",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-11T19:01:32.953264+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:2f4708fcb6d33a83959cf9d5733e12910b8f64a5fcf29051fd67803c8b103496_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:547aee162884d7561359375f6eada553365072bff6f51b212a228e066172ed1f_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:702d3486624a33c0b929547f59a7491f2b9246be5e4d39426ca48a3d2275e6f1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:b1b56d8dd5b46faae23d6024411c4f9992a370d10965699608e3358c2f6c66b6_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:2915b3d961ac8a528af082803772c04edb5171a4590386935a1912f2718ed060_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:20938513fd9709176b158553286b615f857e2458cd3515c4f31f585f944a265f_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3818efd3c5bfc2e39819f11323c8075b09a72b4daff70946f8ee231a1dceb6e3_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6c69e9ffcf29e4769d14d1de2f24ae52231237803804f77907742d7591397201_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6e721e2b88de017546485b427aeda9115e8596d875f71de7c7c0f95239136402_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:92aeb229c424e0335d5f921844b049123153fa07f76c4e03c8cdd9b5476dac61_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b3edfd46a42bd6769ee81d620a958b84d4f2bfc3459370abbb6e82ef4fcfc6a2_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c35821e22efa8a22625a725bf8130dc183d235e4f9bb851df082523f90658898_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e5750707f2e4b31acb300dda672c7763b3643391254369c7c1835675dc9637c6_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:689af696935a204022de3c25fc5a4095883b90e0604715f500f3bef50f05ed5f_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:6ff08f45f119498ac294e216ae39f2385e8b5f1e0e348a3cc7046db87c4947a5_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:83d96120338afda38bf9eb59fd514124adeb772619e1457eb07ee242b1e56cc1_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:a58b0fd427edece6e7fcfd2246a9f00d14751b7b21f09dcc28cd2f44cdab009b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:250d48c5e6066940bcfc19d9294c85c05a0137212aec369ec43aba9f8d65f74f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:2ad22e69cbc9e4520336d2c810184943aebb98dbb7dcb839a09c715affe41687_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4f3813bbe0dc9e205dd80a10cf6624dbf85647ab4824f17b7ea7aa8d815923bb_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b56a52a12c4a430ae3b4d5b4ca0ccd4174f3aab52b1dc507e3e951602b5fcfde_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:dbf5e9b12d36813a77908b6d769a82e46771c87492a42844d4a5bf1562308874_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:fad9d7440c99df5b1227d6581415c4150f3cbcfe2fbae308bd70bdbcb06bdbeb_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:33591ec5fcf2e9a1f749e6f37ff6df06a2779f6cc7fb3b19013c47ab782b41f8_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:3aee5e0bd4ae76ffab05c911b71a30e5a5f59eeafd958f4eedf8f48d5c8e2d59_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:923655c52a9e78f2185973e42c732c1dec05760e6b790631de658886f14412c9_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:b5fb433f5bd294782da89cdda2aebf4cd378a6d1cf89d0ffd50b139f39894d54_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ajv: ReDoS via $data reference",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, the $data option must be enabled and the attacker needs to be able to send a payload with a specially crafted regular expression to the application processing the input. A 31-character payload causes approximately 44 seconds of execution, with each additional character doubling the execution time. Therefore, even a small payload can cause an application to become unresponsive and eventually result in a denial of service. Due to this reason, this flaw has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:01f890a5280ddd4093134dc21578f8a5f06cdade4b9a6d59f31ca8deec8c43c3_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:3f44613559972c360a7e0cfce386ee3d840bc36dcb16175780835d53babe482f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:5e1a86fac8d2a2a63daccd105780c5a526e26d051ffdd62d4f64c3da6561011b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:cfc2d2a2638d28ec365e50ddf997dd0fcc8782987ab5987db729e55b8f2c53e5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:2f4708fcb6d33a83959cf9d5733e12910b8f64a5fcf29051fd67803c8b103496_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:547aee162884d7561359375f6eada553365072bff6f51b212a228e066172ed1f_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:702d3486624a33c0b929547f59a7491f2b9246be5e4d39426ca48a3d2275e6f1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:b1b56d8dd5b46faae23d6024411c4f9992a370d10965699608e3358c2f6c66b6_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:2915b3d961ac8a528af082803772c04edb5171a4590386935a1912f2718ed060_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:20938513fd9709176b158553286b615f857e2458cd3515c4f31f585f944a265f_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3818efd3c5bfc2e39819f11323c8075b09a72b4daff70946f8ee231a1dceb6e3_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6c69e9ffcf29e4769d14d1de2f24ae52231237803804f77907742d7591397201_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6e721e2b88de017546485b427aeda9115e8596d875f71de7c7c0f95239136402_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:92aeb229c424e0335d5f921844b049123153fa07f76c4e03c8cdd9b5476dac61_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b3edfd46a42bd6769ee81d620a958b84d4f2bfc3459370abbb6e82ef4fcfc6a2_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c35821e22efa8a22625a725bf8130dc183d235e4f9bb851df082523f90658898_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e5750707f2e4b31acb300dda672c7763b3643391254369c7c1835675dc9637c6_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:689af696935a204022de3c25fc5a4095883b90e0604715f500f3bef50f05ed5f_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:6ff08f45f119498ac294e216ae39f2385e8b5f1e0e348a3cc7046db87c4947a5_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:83d96120338afda38bf9eb59fd514124adeb772619e1457eb07ee242b1e56cc1_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:a58b0fd427edece6e7fcfd2246a9f00d14751b7b21f09dcc28cd2f44cdab009b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:250d48c5e6066940bcfc19d9294c85c05a0137212aec369ec43aba9f8d65f74f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:2ad22e69cbc9e4520336d2c810184943aebb98dbb7dcb839a09c715affe41687_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4f3813bbe0dc9e205dd80a10cf6624dbf85647ab4824f17b7ea7aa8d815923bb_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b56a52a12c4a430ae3b4d5b4ca0ccd4174f3aab52b1dc507e3e951602b5fcfde_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:dbf5e9b12d36813a77908b6d769a82e46771c87492a42844d4a5bf1562308874_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:fad9d7440c99df5b1227d6581415c4150f3cbcfe2fbae308bd70bdbcb06bdbeb_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:33591ec5fcf2e9a1f749e6f37ff6df06a2779f6cc7fb3b19013c47ab782b41f8_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:3aee5e0bd4ae76ffab05c911b71a30e5a5f59eeafd958f4eedf8f48d5c8e2d59_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:923655c52a9e78f2185973e42c732c1dec05760e6b790631de658886f14412c9_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:b5fb433f5bd294782da89cdda2aebf4cd378a6d1cf89d0ffd50b139f39894d54_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"category": "external",
"summary": "RHBZ#2439070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873"
},
{
"category": "external",
"summary": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md",
"url": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md"
}
],
"release_date": "2026-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T13:39:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:01f890a5280ddd4093134dc21578f8a5f06cdade4b9a6d59f31ca8deec8c43c3_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:3f44613559972c360a7e0cfce386ee3d840bc36dcb16175780835d53babe482f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:5e1a86fac8d2a2a63daccd105780c5a526e26d051ffdd62d4f64c3da6561011b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:cfc2d2a2638d28ec365e50ddf997dd0fcc8782987ab5987db729e55b8f2c53e5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7314"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable the $data feature if your application does not require it. If $data must be used, implement strict validation of the input fields that are referenced by the pattern keyword to ensure they contain only expected and safe characters.",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:2f4708fcb6d33a83959cf9d5733e12910b8f64a5fcf29051fd67803c8b103496_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:547aee162884d7561359375f6eada553365072bff6f51b212a228e066172ed1f_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:702d3486624a33c0b929547f59a7491f2b9246be5e4d39426ca48a3d2275e6f1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:b1b56d8dd5b46faae23d6024411c4f9992a370d10965699608e3358c2f6c66b6_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:2915b3d961ac8a528af082803772c04edb5171a4590386935a1912f2718ed060_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:20938513fd9709176b158553286b615f857e2458cd3515c4f31f585f944a265f_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3818efd3c5bfc2e39819f11323c8075b09a72b4daff70946f8ee231a1dceb6e3_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6c69e9ffcf29e4769d14d1de2f24ae52231237803804f77907742d7591397201_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6e721e2b88de017546485b427aeda9115e8596d875f71de7c7c0f95239136402_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:92aeb229c424e0335d5f921844b049123153fa07f76c4e03c8cdd9b5476dac61_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b3edfd46a42bd6769ee81d620a958b84d4f2bfc3459370abbb6e82ef4fcfc6a2_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c35821e22efa8a22625a725bf8130dc183d235e4f9bb851df082523f90658898_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e5750707f2e4b31acb300dda672c7763b3643391254369c7c1835675dc9637c6_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:689af696935a204022de3c25fc5a4095883b90e0604715f500f3bef50f05ed5f_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:6ff08f45f119498ac294e216ae39f2385e8b5f1e0e348a3cc7046db87c4947a5_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:83d96120338afda38bf9eb59fd514124adeb772619e1457eb07ee242b1e56cc1_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:a58b0fd427edece6e7fcfd2246a9f00d14751b7b21f09dcc28cd2f44cdab009b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:250d48c5e6066940bcfc19d9294c85c05a0137212aec369ec43aba9f8d65f74f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:2ad22e69cbc9e4520336d2c810184943aebb98dbb7dcb839a09c715affe41687_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4f3813bbe0dc9e205dd80a10cf6624dbf85647ab4824f17b7ea7aa8d815923bb_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b56a52a12c4a430ae3b4d5b4ca0ccd4174f3aab52b1dc507e3e951602b5fcfde_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:dbf5e9b12d36813a77908b6d769a82e46771c87492a42844d4a5bf1562308874_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:fad9d7440c99df5b1227d6581415c4150f3cbcfe2fbae308bd70bdbcb06bdbeb_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:33591ec5fcf2e9a1f749e6f37ff6df06a2779f6cc7fb3b19013c47ab782b41f8_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:3aee5e0bd4ae76ffab05c911b71a30e5a5f59eeafd958f4eedf8f48d5c8e2d59_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:923655c52a9e78f2185973e42c732c1dec05760e6b790631de658886f14412c9_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:b5fb433f5bd294782da89cdda2aebf4cd378a6d1cf89d0ffd50b139f39894d54_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:01f890a5280ddd4093134dc21578f8a5f06cdade4b9a6d59f31ca8deec8c43c3_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:3f44613559972c360a7e0cfce386ee3d840bc36dcb16175780835d53babe482f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:5e1a86fac8d2a2a63daccd105780c5a526e26d051ffdd62d4f64c3da6561011b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:cfc2d2a2638d28ec365e50ddf997dd0fcc8782987ab5987db729e55b8f2c53e5_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:2f4708fcb6d33a83959cf9d5733e12910b8f64a5fcf29051fd67803c8b103496_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:547aee162884d7561359375f6eada553365072bff6f51b212a228e066172ed1f_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:702d3486624a33c0b929547f59a7491f2b9246be5e4d39426ca48a3d2275e6f1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:b1b56d8dd5b46faae23d6024411c4f9992a370d10965699608e3358c2f6c66b6_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:2915b3d961ac8a528af082803772c04edb5171a4590386935a1912f2718ed060_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:20938513fd9709176b158553286b615f857e2458cd3515c4f31f585f944a265f_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3818efd3c5bfc2e39819f11323c8075b09a72b4daff70946f8ee231a1dceb6e3_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6c69e9ffcf29e4769d14d1de2f24ae52231237803804f77907742d7591397201_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6e721e2b88de017546485b427aeda9115e8596d875f71de7c7c0f95239136402_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:92aeb229c424e0335d5f921844b049123153fa07f76c4e03c8cdd9b5476dac61_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b3edfd46a42bd6769ee81d620a958b84d4f2bfc3459370abbb6e82ef4fcfc6a2_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c35821e22efa8a22625a725bf8130dc183d235e4f9bb851df082523f90658898_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e5750707f2e4b31acb300dda672c7763b3643391254369c7c1835675dc9637c6_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:689af696935a204022de3c25fc5a4095883b90e0604715f500f3bef50f05ed5f_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:6ff08f45f119498ac294e216ae39f2385e8b5f1e0e348a3cc7046db87c4947a5_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:83d96120338afda38bf9eb59fd514124adeb772619e1457eb07ee242b1e56cc1_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:a58b0fd427edece6e7fcfd2246a9f00d14751b7b21f09dcc28cd2f44cdab009b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:250d48c5e6066940bcfc19d9294c85c05a0137212aec369ec43aba9f8d65f74f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:2ad22e69cbc9e4520336d2c810184943aebb98dbb7dcb839a09c715affe41687_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4f3813bbe0dc9e205dd80a10cf6624dbf85647ab4824f17b7ea7aa8d815923bb_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b56a52a12c4a430ae3b4d5b4ca0ccd4174f3aab52b1dc507e3e951602b5fcfde_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:dbf5e9b12d36813a77908b6d769a82e46771c87492a42844d4a5bf1562308874_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:fad9d7440c99df5b1227d6581415c4150f3cbcfe2fbae308bd70bdbcb06bdbeb_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:33591ec5fcf2e9a1f749e6f37ff6df06a2779f6cc7fb3b19013c47ab782b41f8_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:3aee5e0bd4ae76ffab05c911b71a30e5a5f59eeafd958f4eedf8f48d5c8e2d59_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:923655c52a9e78f2185973e42c732c1dec05760e6b790631de658886f14412c9_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:b5fb433f5bd294782da89cdda2aebf4cd378a6d1cf89d0ffd50b139f39894d54_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:01f890a5280ddd4093134dc21578f8a5f06cdade4b9a6d59f31ca8deec8c43c3_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:3f44613559972c360a7e0cfce386ee3d840bc36dcb16175780835d53babe482f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:5e1a86fac8d2a2a63daccd105780c5a526e26d051ffdd62d4f64c3da6561011b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:cfc2d2a2638d28ec365e50ddf997dd0fcc8782987ab5987db729e55b8f2c53e5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ajv: ReDoS via $data reference"
},
{
"cve": "CVE-2026-27962",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-03-16T18:02:07.041902+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:2f4708fcb6d33a83959cf9d5733e12910b8f64a5fcf29051fd67803c8b103496_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:547aee162884d7561359375f6eada553365072bff6f51b212a228e066172ed1f_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:702d3486624a33c0b929547f59a7491f2b9246be5e4d39426ca48a3d2275e6f1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:b1b56d8dd5b46faae23d6024411c4f9992a370d10965699608e3358c2f6c66b6_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:2915b3d961ac8a528af082803772c04edb5171a4590386935a1912f2718ed060_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:20938513fd9709176b158553286b615f857e2458cd3515c4f31f585f944a265f_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3818efd3c5bfc2e39819f11323c8075b09a72b4daff70946f8ee231a1dceb6e3_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6c69e9ffcf29e4769d14d1de2f24ae52231237803804f77907742d7591397201_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6e721e2b88de017546485b427aeda9115e8596d875f71de7c7c0f95239136402_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:92aeb229c424e0335d5f921844b049123153fa07f76c4e03c8cdd9b5476dac61_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b3edfd46a42bd6769ee81d620a958b84d4f2bfc3459370abbb6e82ef4fcfc6a2_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c35821e22efa8a22625a725bf8130dc183d235e4f9bb851df082523f90658898_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e5750707f2e4b31acb300dda672c7763b3643391254369c7c1835675dc9637c6_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:689af696935a204022de3c25fc5a4095883b90e0604715f500f3bef50f05ed5f_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:6ff08f45f119498ac294e216ae39f2385e8b5f1e0e348a3cc7046db87c4947a5_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:83d96120338afda38bf9eb59fd514124adeb772619e1457eb07ee242b1e56cc1_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:a58b0fd427edece6e7fcfd2246a9f00d14751b7b21f09dcc28cd2f44cdab009b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:250d48c5e6066940bcfc19d9294c85c05a0137212aec369ec43aba9f8d65f74f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:2ad22e69cbc9e4520336d2c810184943aebb98dbb7dcb839a09c715affe41687_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4f3813bbe0dc9e205dd80a10cf6624dbf85647ab4824f17b7ea7aa8d815923bb_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b56a52a12c4a430ae3b4d5b4ca0ccd4174f3aab52b1dc507e3e951602b5fcfde_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:dbf5e9b12d36813a77908b6d769a82e46771c87492a42844d4a5bf1562308874_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:fad9d7440c99df5b1227d6581415c4150f3cbcfe2fbae308bd70bdbcb06bdbeb_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:33591ec5fcf2e9a1f749e6f37ff6df06a2779f6cc7fb3b19013c47ab782b41f8_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:3aee5e0bd4ae76ffab05c911b71a30e5a5f59eeafd958f4eedf8f48d5c8e2d59_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:923655c52a9e78f2185973e42c732c1dec05760e6b790631de658886f14412c9_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:b5fb433f5bd294782da89cdda2aebf4cd378a6d1cf89d0ffd50b139f39894d54_arm64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448164"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Authlib, a Python library used for creating secure authentication and authorization systems. This vulnerability, known as JWK (JSON Web Key) Header Injection, affects how Authlib verifies digital signatures in JWS (JSON Web Signature) tokens. An attacker can exploit this by creating a specially crafted token that includes their own cryptographic key in the header. When the system attempts to verify this token without a predefined key, it mistakenly uses the attacker\u0027s key, allowing them to bypass authentication and gain unauthorized access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "authlib: Authlib: Authentication bypass due to JWK Header Injection vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This critical vulnerability in Authlib\u0027s JWS implementation allows unauthenticated attackers to forge JWTs by embedding their own cryptographic key in the token header. Impact is high to confidentiality and integrity as attackers can bypass authentication.\n\nThe impact for Red Hat Quay is rated as low because it imports authlib solely as a JWK parsing utility and performs all JWT signature verification through PyJWT, so the vulnerable jws.deserialize_compact() code path is never called.\n\nRed Hat OpenShift AI is not affected, since authlib is only present as a transitive dependency in the dev dependency group and is not included in production image builds, so the vulnerable code is not present in the shipped product.\n\nRed Hat Satellite is not affected, as authlib is only present as a dependency of fastmcp. In Satellite, fastmcp only invokes authlib using jwt.decode() which isn\u0027t able to reach the vulnerability condition even with key=none.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:01f890a5280ddd4093134dc21578f8a5f06cdade4b9a6d59f31ca8deec8c43c3_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:3f44613559972c360a7e0cfce386ee3d840bc36dcb16175780835d53babe482f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:5e1a86fac8d2a2a63daccd105780c5a526e26d051ffdd62d4f64c3da6561011b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:cfc2d2a2638d28ec365e50ddf997dd0fcc8782987ab5987db729e55b8f2c53e5_s390x"
],
"known_not_affected": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:2f4708fcb6d33a83959cf9d5733e12910b8f64a5fcf29051fd67803c8b103496_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:547aee162884d7561359375f6eada553365072bff6f51b212a228e066172ed1f_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:702d3486624a33c0b929547f59a7491f2b9246be5e4d39426ca48a3d2275e6f1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:b1b56d8dd5b46faae23d6024411c4f9992a370d10965699608e3358c2f6c66b6_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:2915b3d961ac8a528af082803772c04edb5171a4590386935a1912f2718ed060_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:20938513fd9709176b158553286b615f857e2458cd3515c4f31f585f944a265f_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3818efd3c5bfc2e39819f11323c8075b09a72b4daff70946f8ee231a1dceb6e3_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6c69e9ffcf29e4769d14d1de2f24ae52231237803804f77907742d7591397201_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6e721e2b88de017546485b427aeda9115e8596d875f71de7c7c0f95239136402_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:92aeb229c424e0335d5f921844b049123153fa07f76c4e03c8cdd9b5476dac61_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b3edfd46a42bd6769ee81d620a958b84d4f2bfc3459370abbb6e82ef4fcfc6a2_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c35821e22efa8a22625a725bf8130dc183d235e4f9bb851df082523f90658898_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e5750707f2e4b31acb300dda672c7763b3643391254369c7c1835675dc9637c6_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:689af696935a204022de3c25fc5a4095883b90e0604715f500f3bef50f05ed5f_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:6ff08f45f119498ac294e216ae39f2385e8b5f1e0e348a3cc7046db87c4947a5_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:83d96120338afda38bf9eb59fd514124adeb772619e1457eb07ee242b1e56cc1_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:a58b0fd427edece6e7fcfd2246a9f00d14751b7b21f09dcc28cd2f44cdab009b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:250d48c5e6066940bcfc19d9294c85c05a0137212aec369ec43aba9f8d65f74f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:2ad22e69cbc9e4520336d2c810184943aebb98dbb7dcb839a09c715affe41687_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4f3813bbe0dc9e205dd80a10cf6624dbf85647ab4824f17b7ea7aa8d815923bb_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b56a52a12c4a430ae3b4d5b4ca0ccd4174f3aab52b1dc507e3e951602b5fcfde_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:dbf5e9b12d36813a77908b6d769a82e46771c87492a42844d4a5bf1562308874_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:fad9d7440c99df5b1227d6581415c4150f3cbcfe2fbae308bd70bdbcb06bdbeb_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:33591ec5fcf2e9a1f749e6f37ff6df06a2779f6cc7fb3b19013c47ab782b41f8_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:3aee5e0bd4ae76ffab05c911b71a30e5a5f59eeafd958f4eedf8f48d5c8e2d59_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:923655c52a9e78f2185973e42c732c1dec05760e6b790631de658886f14412c9_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:b5fb433f5bd294782da89cdda2aebf4cd378a6d1cf89d0ffd50b139f39894d54_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27962"
},
{
"category": "external",
"summary": "RHBZ#2448164",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448164"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27962",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27962"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27962",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27962"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/commit/a5d4b2d4c9e46bfa11c82f85fdc2bcc0b50ae681",
"url": "https://github.com/authlib/authlib/commit/a5d4b2d4c9e46bfa11c82f85fdc2bcc0b50ae681"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/releases/tag/v1.6.9",
"url": "https://github.com/authlib/authlib/releases/tag/v1.6.9"
},
{
"category": "external",
"summary": "https://github.com/authlib/authlib/security/advisories/GHSA-wvwj-cvrp-7pv5",
"url": "https://github.com/authlib/authlib/security/advisories/GHSA-wvwj-cvrp-7pv5"
}
],
"release_date": "2026-03-16T17:34:38.946000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-04-09T13:39:27+00:00",
"details": "Before applying this update, make sure all previously released errata relevant\nto your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11458",
"product_ids": [
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:01f890a5280ddd4093134dc21578f8a5f06cdade4b9a6d59f31ca8deec8c43c3_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:3f44613559972c360a7e0cfce386ee3d840bc36dcb16175780835d53babe482f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:5e1a86fac8d2a2a63daccd105780c5a526e26d051ffdd62d4f64c3da6561011b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:cfc2d2a2638d28ec365e50ddf997dd0fcc8782987ab5987db729e55b8f2c53e5_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:7314"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:2f4708fcb6d33a83959cf9d5733e12910b8f64a5fcf29051fd67803c8b103496_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:547aee162884d7561359375f6eada553365072bff6f51b212a228e066172ed1f_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:702d3486624a33c0b929547f59a7491f2b9246be5e4d39426ca48a3d2275e6f1_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/clair-rhel8@sha256:b1b56d8dd5b46faae23d6024411c4f9992a370d10965699608e3358c2f6c66b6_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-bundle@sha256:2915b3d961ac8a528af082803772c04edb5171a4590386935a1912f2718ed060_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:20938513fd9709176b158553286b615f857e2458cd3515c4f31f585f944a265f_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:3818efd3c5bfc2e39819f11323c8075b09a72b4daff70946f8ee231a1dceb6e3_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6c69e9ffcf29e4769d14d1de2f24ae52231237803804f77907742d7591397201_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-bridge-operator-rhel8@sha256:6e721e2b88de017546485b427aeda9115e8596d875f71de7c7c0f95239136402_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:92aeb229c424e0335d5f921844b049123153fa07f76c4e03c8cdd9b5476dac61_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:b3edfd46a42bd6769ee81d620a958b84d4f2bfc3459370abbb6e82ef4fcfc6a2_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:c35821e22efa8a22625a725bf8130dc183d235e4f9bb851df082523f90658898_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-qemu-rhcos-rhel8@sha256:e5750707f2e4b31acb300dda672c7763b3643391254369c7c1835675dc9637c6_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:689af696935a204022de3c25fc5a4095883b90e0604715f500f3bef50f05ed5f_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:6ff08f45f119498ac294e216ae39f2385e8b5f1e0e348a3cc7046db87c4947a5_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:83d96120338afda38bf9eb59fd514124adeb772619e1457eb07ee242b1e56cc1_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-builder-rhel8@sha256:a58b0fd427edece6e7fcfd2246a9f00d14751b7b21f09dcc28cd2f44cdab009b_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-bundle@sha256:250d48c5e6066940bcfc19d9294c85c05a0137212aec369ec43aba9f8d65f74f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:2ad22e69cbc9e4520336d2c810184943aebb98dbb7dcb839a09c715affe41687_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:4f3813bbe0dc9e205dd80a10cf6624dbf85647ab4824f17b7ea7aa8d815923bb_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:b56a52a12c4a430ae3b4d5b4ca0ccd4174f3aab52b1dc507e3e951602b5fcfde_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-container-security-operator-rhel8@sha256:dbf5e9b12d36813a77908b6d769a82e46771c87492a42844d4a5bf1562308874_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-bundle@sha256:fad9d7440c99df5b1227d6581415c4150f3cbcfe2fbae308bd70bdbcb06bdbeb_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:33591ec5fcf2e9a1f749e6f37ff6df06a2779f6cc7fb3b19013c47ab782b41f8_s390x",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:3aee5e0bd4ae76ffab05c911b71a30e5a5f59eeafd958f4eedf8f48d5c8e2d59_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:923655c52a9e78f2185973e42c732c1dec05760e6b790631de658886f14412c9_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-operator-rhel8@sha256:b5fb433f5bd294782da89cdda2aebf4cd378a6d1cf89d0ffd50b139f39894d54_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:01f890a5280ddd4093134dc21578f8a5f06cdade4b9a6d59f31ca8deec8c43c3_arm64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:3f44613559972c360a7e0cfce386ee3d840bc36dcb16175780835d53babe482f_amd64",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:5e1a86fac8d2a2a63daccd105780c5a526e26d051ffdd62d4f64c3da6561011b_ppc64le",
"Red Hat Quay 3.14:registry.redhat.io/quay/quay-rhel8@sha256:cfc2d2a2638d28ec365e50ddf997dd0fcc8782987ab5987db729e55b8f2c53e5_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "authlib: Authlib: Authentication bypass due to JWK Header Injection vulnerability"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…