Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-12905 (GCVE-0-2024-12905)
Vulnerability from cvelistv5
Published
2025-03-27 16:25
Modified
2025-04-20 15:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
An Improper Link Resolution Before File Access ("Link Following") and Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package.
This issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12905",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T18:21:53.061002Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T18:25:53.445Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://registry.npmjs.org",
"defaultStatus": "unaffected",
"packageName": "tar-fs",
"programFiles": [
"index.js"
],
"repo": "https://github.com/mafintosh/tar-fs",
"versions": [
{
"changes": [
{
"at": "1.16.4",
"status": "unaffected"
}
],
"lessThan": "1.16.4",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "2.1.2",
"status": "unaffected"
}
],
"lessThan": "2.1.2",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.0.8",
"status": "unaffected"
}
],
"lessThan": "3.0.8",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "@bnbdr"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An \u003cstrong\u003eImproper Link Resolution Before File Access (\"Link Following\")\u003c/strong\u003e and \u003cstrong\u003eImproper Limitation of a Pathname to a Restricted Directory (\"Path Traversal\")\u003c/strong\u003e. This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with \u003ccode\u003eindex.js\u003c/code\u003e in the \u003ccode\u003etar-fs\u003c/code\u003e package.\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8.\u003c/p\u003e"
}
],
"value": "An Improper Link Resolution Before File Access (\"Link Following\") and Improper Limitation of a Pathname to a Restricted Directory (\"Path Traversal\"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package.\n\nThis issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8."
}
],
"impacts": [
{
"capecId": "CAPEC-132",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-132 Symlink Attack"
}
]
},
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-20T15:42:44.814Z",
"orgId": "22e2d327-25fe-45d7-9f0c-dcd23b7108df",
"shortName": "seal"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/mafintosh/tar-fs/commit/a1dd7e7c7f4b4a8bd2ab60f513baca573b44e2ed"
},
{
"tags": [
"technical-description"
],
"url": "https://www.seal.security/blog/a-link-to-the-past-uncovering-a-new-vulnerability-in-tar-fs"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "22e2d327-25fe-45d7-9f0c-dcd23b7108df",
"assignerShortName": "seal",
"cveId": "CVE-2024-12905",
"datePublished": "2025-03-27T16:25:34.410Z",
"dateReserved": "2024-12-23T13:53:01.494Z",
"dateUpdated": "2025-04-20T15:42:44.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-12905\",\"sourceIdentifier\":\"22e2d327-25fe-45d7-9f0c-dcd23b7108df\",\"published\":\"2025-03-27T17:15:53.250\",\"lastModified\":\"2025-04-20T16:15:13.913\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An Improper Link Resolution Before File Access (\\\"Link Following\\\") and Improper Limitation of a Pathname to a Restricted Directory (\\\"Path Traversal\\\"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package.\\n\\nThis issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8.\"},{\"lang\":\"es\",\"value\":\"Resoluci\u00f3n incorrecta de enlaces antes del acceso a archivos (\\\"Link Following\\\") y limitaci\u00f3n incorrecta de una ruta a un directorio restringido (\\\"Path Traversal\\\"). Esta vulnerabilidad se produce al extraer un archivo tar manipulado con fines maliciosos, lo que puede provocar escrituras o sobrescrituras no autorizadas de archivos fuera del directorio de extracci\u00f3n previsto. El problema est\u00e1 asociado con index.js en el paquete tar-fs. Este problema afecta a tar-fs: desde la versi\u00f3n 0.0.0 hasta la 1.16.4, desde la versi\u00f3n 2.0.0 hasta la 2.1.2, desde la versi\u00f3n 3.0.0 hasta la 3.0.8.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"22e2d327-25fe-45d7-9f0c-dcd23b7108df\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"22e2d327-25fe-45d7-9f0c-dcd23b7108df\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"},{\"lang\":\"en\",\"value\":\"CWE-59\"}]}],\"references\":[{\"url\":\"https://github.com/mafintosh/tar-fs/commit/a1dd7e7c7f4b4a8bd2ab60f513baca573b44e2ed\",\"source\":\"22e2d327-25fe-45d7-9f0c-dcd23b7108df\"},{\"url\":\"https://www.seal.security/blog/a-link-to-the-past-uncovering-a-new-vulnerability-in-tar-fs\",\"source\":\"22e2d327-25fe-45d7-9f0c-dcd23b7108df\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-12905\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-27T18:21:53.061002Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-27T18:24:06.268Z\"}}], \"cna\": {\"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"@bnbdr\"}], \"impacts\": [{\"capecId\": \"CAPEC-132\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-132 Symlink Attack\"}]}, {\"capecId\": \"CAPEC-126\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-126 Path Traversal\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"repo\": \"https://github.com/mafintosh/tar-fs\", \"versions\": [{\"status\": \"affected\", \"changes\": [{\"at\": \"1.16.4\", \"status\": \"unaffected\"}], \"version\": \"0.0.0\", \"lessThan\": \"1.16.4\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"2.1.2\", \"status\": \"unaffected\"}], \"version\": \"2.0.0\", \"lessThan\": \"2.1.2\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"changes\": [{\"at\": \"3.0.8\", \"status\": \"unaffected\"}], \"version\": \"3.0.0\", \"lessThan\": \"3.0.8\", \"versionType\": \"semver\"}], \"packageName\": \"tar-fs\", \"programFiles\": [\"index.js\"], \"collectionURL\": \"https://registry.npmjs.org\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/mafintosh/tar-fs/commit/a1dd7e7c7f4b4a8bd2ab60f513baca573b44e2ed\", \"tags\": [\"patch\"]}, {\"url\": \"https://www.seal.security/blog/a-link-to-the-past-uncovering-a-new-vulnerability-in-tar-fs\", \"tags\": [\"technical-description\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An Improper Link Resolution Before File Access (\\\"Link Following\\\") and Improper Limitation of a Pathname to a Restricted Directory (\\\"Path Traversal\\\"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package.\\n\\nThis issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An \u003cstrong\u003eImproper Link Resolution Before File Access (\\\"Link Following\\\")\u003c/strong\u003e and \u003cstrong\u003eImproper Limitation of a Pathname to a Restricted Directory (\\\"Path Traversal\\\")\u003c/strong\u003e. This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with \u003ccode\u003eindex.js\u003c/code\u003e in the \u003ccode\u003etar-fs\u003c/code\u003e package.\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-59\", \"description\": \"CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"22e2d327-25fe-45d7-9f0c-dcd23b7108df\", \"shortName\": \"seal\", \"dateUpdated\": \"2025-04-20T15:42:44.814Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-12905\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-20T15:42:44.814Z\", \"dateReserved\": \"2024-12-23T13:53:01.494Z\", \"assignerOrgId\": \"22e2d327-25fe-45d7-9f0c-dcd23b7108df\", \"datePublished\": \"2025-03-27T16:25:34.410Z\", \"assignerShortName\": \"seal\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
rhsa-2025:8540
Vulnerability from csaf_redhat
Published
2025-06-04 18:39
Modified
2025-07-25 16:59
Summary
Red Hat Security Advisory: Red Hat Developer Hub 1.5.2 release.
Notes
Topic
Red Hat Developer Hub 1.5.2 has been released.
Details
Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Developer Hub 1.5.2 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Developer Hub (RHDH) is Red Hat\u0027s enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:8540",
"url": "https://access.redhat.com/errata/RHSA-2025:8540"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-12905",
"url": "https://access.redhat.com/security/cve/CVE-2024-12905"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh",
"url": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh"
},
{
"category": "external",
"summary": "https://developers.redhat.com/rhdh/overview",
"url": "https://developers.redhat.com/rhdh/overview"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_developer_hub",
"url": "https://docs.redhat.com/en/documentation/red_hat_developer_hub"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_8540.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Developer Hub 1.5.2 release.",
"tracking": {
"current_release_date": "2025-07-25T16:59:05+00:00",
"generator": {
"date": "2025-07-25T16:59:05+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.4"
}
},
"id": "RHSA-2025:8540",
"initial_release_date": "2025-06-04T18:39:35+00:00",
"revision_history": [
{
"date": "2025-06-04T18:39:35+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-06-04T18:39:38+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-07-25T16:59:05+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Developer Hub 1.5",
"product": {
"name": "Red Hat Developer Hub 1.5",
"product_id": "Red Hat Developer Hub 1.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhdh:1.5::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Developer Hub"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:e76a91d43f5fb482b19a42bf2cfc30e183b1331f6db600855600b5a917c889b3_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:e76a91d43f5fb482b19a42bf2cfc30e183b1331f6db600855600b5a917c889b3_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:e76a91d43f5fb482b19a42bf2cfc30e183b1331f6db600855600b5a917c889b3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-hub-rhel9@sha256%3Ae76a91d43f5fb482b19a42bf2cfc30e183b1331f6db600855600b5a917c889b3?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.5.2-1748495853"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:6aeb54054d5bd7a122ab1742b2fcfc47e1227e1d7614907ac84cd202aaecfaa5_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:6aeb54054d5bd7a122ab1742b2fcfc47e1227e1d7614907ac84cd202aaecfaa5_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:6aeb54054d5bd7a122ab1742b2fcfc47e1227e1d7614907ac84cd202aaecfaa5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-rhel9-operator@sha256%3A6aeb54054d5bd7a122ab1742b2fcfc47e1227e1d7614907ac84cd202aaecfaa5?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.5.2-1748493879"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:13e82b4fccc423d0d68550b084cd37a394fdcdb7313b99e142c1570ccff07d91_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:13e82b4fccc423d0d68550b084cd37a394fdcdb7313b99e142c1570ccff07d91_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:13e82b4fccc423d0d68550b084cd37a394fdcdb7313b99e142c1570ccff07d91_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-operator-bundle@sha256%3A13e82b4fccc423d0d68550b084cd37a394fdcdb7313b99e142c1570ccff07d91?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.5.2-1748873060"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:e76a91d43f5fb482b19a42bf2cfc30e183b1331f6db600855600b5a917c889b3_amd64 as a component of Red Hat Developer Hub 1.5",
"product_id": "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:e76a91d43f5fb482b19a42bf2cfc30e183b1331f6db600855600b5a917c889b3_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:e76a91d43f5fb482b19a42bf2cfc30e183b1331f6db600855600b5a917c889b3_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:13e82b4fccc423d0d68550b084cd37a394fdcdb7313b99e142c1570ccff07d91_amd64 as a component of Red Hat Developer Hub 1.5",
"product_id": "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:13e82b4fccc423d0d68550b084cd37a394fdcdb7313b99e142c1570ccff07d91_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:13e82b4fccc423d0d68550b084cd37a394fdcdb7313b99e142c1570ccff07d91_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:6aeb54054d5bd7a122ab1742b2fcfc47e1227e1d7614907ac84cd202aaecfaa5_amd64 as a component of Red Hat Developer Hub 1.5",
"product_id": "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:6aeb54054d5bd7a122ab1742b2fcfc47e1227e1d7614907ac84cd202aaecfaa5_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:6aeb54054d5bd7a122ab1742b2fcfc47e1227e1d7614907ac84cd202aaecfaa5_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12905",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-03-27T17:02:14.911888+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:13e82b4fccc423d0d68550b084cd37a394fdcdb7313b99e142c1570ccff07d91_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:6aeb54054d5bd7a122ab1742b2fcfc47e1227e1d7614907ac84cd202aaecfaa5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2355460"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the tar-fs package for Node.js. In affected versions, unauthorized file writes or overwrites outside the intended extraction directory can occur when extracting a maliciously crafted tar file. The issue is associated with index.js in the tar-fs package.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tar-fs: link following and path traversal via maliciously crafted tar file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an important severity because it allows attackers to extract a malicious tar file that can write or overwrite files outside the intended directory. This occurs due to improper handling of link resolution and pathname limitations. The risk is high for systems that automatically extract tar files, as it can lead to data corruption or unauthorized file modifications without user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:e76a91d43f5fb482b19a42bf2cfc30e183b1331f6db600855600b5a917c889b3_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:13e82b4fccc423d0d68550b084cd37a394fdcdb7313b99e142c1570ccff07d91_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:6aeb54054d5bd7a122ab1742b2fcfc47e1227e1d7614907ac84cd202aaecfaa5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-12905"
},
{
"category": "external",
"summary": "RHBZ#2355460",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355460"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-12905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12905",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12905"
},
{
"category": "external",
"summary": "https://github.com/mafintosh/tar-fs/commit/a1dd7e7c7f4b4a8bd2ab60f513baca573b44e2ed",
"url": "https://github.com/mafintosh/tar-fs/commit/a1dd7e7c7f4b4a8bd2ab60f513baca573b44e2ed"
}
],
"release_date": "2025-03-27T16:25:34.410000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-06-04T18:39:35+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:e76a91d43f5fb482b19a42bf2cfc30e183b1331f6db600855600b5a917c889b3_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8540"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:e76a91d43f5fb482b19a42bf2cfc30e183b1331f6db600855600b5a917c889b3_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:13e82b4fccc423d0d68550b084cd37a394fdcdb7313b99e142c1570ccff07d91_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:6aeb54054d5bd7a122ab1742b2fcfc47e1227e1d7614907ac84cd202aaecfaa5_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tar-fs: link following and path traversal via maliciously crafted tar file"
}
]
}
rhsa-2025:3932
Vulnerability from csaf_redhat
Published
2025-04-16 02:48
Modified
2025-08-14 09:11
Summary
Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.20.0 release
Notes
Topic
Red Hat OpenShift Dev Spaces 3.20 has been released.
All containers have been updated to include feature enhancements, bug fixes and CVE fixes.
Details
Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.
The 3.20 release is based on Eclipse Che 7.100 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.
Users still using the v1 standard should migrate as soon as possible.
https://devfile.io/docs/2.2.0/migrating-to-devfile-v2
Dev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates.
https://access.redhat.com/support/policy/updates/openshift#devspaces
Security Fix(es):
DevSpaces-Operator
- golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws (CVE-2025-22868)
- golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (CVE-2025-22869)
DevSpaces-Pluginregistry
- tar-fs: link following and path traversal via maliciously crafted tar file (CVE-2024-12905)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Dev Spaces 3.20 has been released.\n\nAll containers have been updated to include feature enhancements, bug fixes and CVE fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.\n\nThe 3.20 release is based on Eclipse Che 7.100 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.\n\nUsers still using the v1 standard should migrate as soon as possible.\n\nhttps://devfile.io/docs/2.2.0/migrating-to-devfile-v2\n\nDev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates. \n\nhttps://access.redhat.com/support/policy/updates/openshift#devspaces\n\nSecurity Fix(es):\n\nDevSpaces-Operator\n- golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws (CVE-2025-22868)\n- golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (CVE-2025-22869)\n\nDevSpaces-Pluginregistry\n- tar-fs: link following and path traversal via maliciously crafted tar file (CVE-2024-12905)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:3932",
"url": "https://access.redhat.com/errata/RHSA-2025:3932"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2348366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
},
{
"category": "external",
"summary": "2348367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348367"
},
{
"category": "external",
"summary": "2355460",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355460"
},
{
"category": "external",
"summary": "CRW-8327",
"url": "https://issues.redhat.com/browse/CRW-8327"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_3932.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.20.0 release",
"tracking": {
"current_release_date": "2025-08-14T09:11:03+00:00",
"generator": {
"date": "2025-08-14T09:11:03+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2025:3932",
"initial_release_date": "2025-04-16T02:48:23+00:00",
"revision_history": [
{
"date": "2025-04-16T02:48:23+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-04-16T02:48:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-14T09:11:03+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Dev Spaces 3",
"product": {
"name": "Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_devspaces:3::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Dev Spaces"
},
{
"branches": [
{
"category": "product_version",
"name": "devspaces/code-rhel9@sha256:e10c4f241fb1dfa9437e453b65ed57ca79550e487f16bc6742d6c1359824dcc0_ppc64le",
"product": {
"name": "devspaces/code-rhel9@sha256:e10c4f241fb1dfa9437e453b65ed57ca79550e487f16bc6742d6c1359824dcc0_ppc64le",
"product_id": "devspaces/code-rhel9@sha256:e10c4f241fb1dfa9437e453b65ed57ca79550e487f16bc6742d6c1359824dcc0_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256:e10c4f241fb1dfa9437e453b65ed57ca79550e487f16bc6742d6c1359824dcc0?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/code-rhel9\u0026tag=3.20-5"
}
}
},
{
"category": "product_version",
"name": "devspaces/configbump-rhel9@sha256:3ece40e4a3862dc29d9bb41f407117fc52db2ca8208a1dabe82eea28e7a9ba29_ppc64le",
"product": {
"name": "devspaces/configbump-rhel9@sha256:3ece40e4a3862dc29d9bb41f407117fc52db2ca8208a1dabe82eea28e7a9ba29_ppc64le",
"product_id": "devspaces/configbump-rhel9@sha256:3ece40e4a3862dc29d9bb41f407117fc52db2ca8208a1dabe82eea28e7a9ba29_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256:3ece40e4a3862dc29d9bb41f407117fc52db2ca8208a1dabe82eea28e7a9ba29?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel9\u0026tag=3.20-5"
}
}
},
{
"category": "product_version",
"name": "devspaces/dashboard-rhel9@sha256:f99e4373e39a70c99f4c67cd1a10483c99310e478e5a8b840ab114d11ed2ebd3_ppc64le",
"product": {
"name": "devspaces/dashboard-rhel9@sha256:f99e4373e39a70c99f4c67cd1a10483c99310e478e5a8b840ab114d11ed2ebd3_ppc64le",
"product_id": "devspaces/dashboard-rhel9@sha256:f99e4373e39a70c99f4c67cd1a10483c99310e478e5a8b840ab114d11ed2ebd3_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256:f99e4373e39a70c99f4c67cd1a10483c99310e478e5a8b840ab114d11ed2ebd3?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel9\u0026tag=3.20-7"
}
}
},
{
"category": "product_version",
"name": "devspaces/imagepuller-rhel9@sha256:01217396dfa1ffa44e9cf6b384093a7b6946135fd8fa122083ac6062a3790a2d_ppc64le",
"product": {
"name": "devspaces/imagepuller-rhel9@sha256:01217396dfa1ffa44e9cf6b384093a7b6946135fd8fa122083ac6062a3790a2d_ppc64le",
"product_id": "devspaces/imagepuller-rhel9@sha256:01217396dfa1ffa44e9cf6b384093a7b6946135fd8fa122083ac6062a3790a2d_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256:01217396dfa1ffa44e9cf6b384093a7b6946135fd8fa122083ac6062a3790a2d?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:c2322954825785303dc48f29c5176bc173f58ab3215b0c710000bdcee08458be_ppc64le",
"product": {
"name": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:c2322954825785303dc48f29c5176bc173f58ab3215b0c710000bdcee08458be_ppc64le",
"product_id": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:c2322954825785303dc48f29c5176bc173f58ab3215b0c710000bdcee08458be_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256:c2322954825785303dc48f29c5176bc173f58ab3215b0c710000bdcee08458be?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9\u0026tag=3.20-7"
}
}
},
{
"category": "product_version",
"name": "devspaces/machineexec-rhel9@sha256:ea043fb015e82632de477f17a94e0b9dd31b34312c0214fd2b8128e0d71ba716_ppc64le",
"product": {
"name": "devspaces/machineexec-rhel9@sha256:ea043fb015e82632de477f17a94e0b9dd31b34312c0214fd2b8128e0d71ba716_ppc64le",
"product_id": "devspaces/machineexec-rhel9@sha256:ea043fb015e82632de477f17a94e0b9dd31b34312c0214fd2b8128e0d71ba716_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel9@sha256:ea043fb015e82632de477f17a94e0b9dd31b34312c0214fd2b8128e0d71ba716?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-operator-bundle@sha256:1bf0e4367621ed8fef30b5fbd6fbffa59731ecb20cbb8c9772015f8958198a16_ppc64le",
"product": {
"name": "devspaces/devspaces-operator-bundle@sha256:1bf0e4367621ed8fef30b5fbd6fbffa59731ecb20cbb8c9772015f8958198a16_ppc64le",
"product_id": "devspaces/devspaces-operator-bundle@sha256:1bf0e4367621ed8fef30b5fbd6fbffa59731ecb20cbb8c9772015f8958198a16_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256:1bf0e4367621ed8fef30b5fbd6fbffa59731ecb20cbb8c9772015f8958198a16?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.20-21"
}
}
},
{
"category": "product_version",
"name": "devspaces/pluginregistry-rhel9@sha256:f9d32726831f630601ad041898282bb5eaa50e81d6f8aeae6cf4a6fe272c37a6_ppc64le",
"product": {
"name": "devspaces/pluginregistry-rhel9@sha256:f9d32726831f630601ad041898282bb5eaa50e81d6f8aeae6cf4a6fe272c37a6_ppc64le",
"product_id": "devspaces/pluginregistry-rhel9@sha256:f9d32726831f630601ad041898282bb5eaa50e81d6f8aeae6cf4a6fe272c37a6_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256:f9d32726831f630601ad041898282bb5eaa50e81d6f8aeae6cf4a6fe272c37a6?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel9\u0026tag=3.20-6"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-rhel9-operator@sha256:1fe43138f2ee8603e1f7aa2f9ade87a09099312836b79b606f09c6ded655c2a2_ppc64le",
"product": {
"name": "devspaces/devspaces-rhel9-operator@sha256:1fe43138f2ee8603e1f7aa2f9ade87a09099312836b79b606f09c6ded655c2a2_ppc64le",
"product_id": "devspaces/devspaces-rhel9-operator@sha256:1fe43138f2ee8603e1f7aa2f9ade87a09099312836b79b606f09c6ded655c2a2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256:1fe43138f2ee8603e1f7aa2f9ade87a09099312836b79b606f09c6ded655c2a2?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel9-operator\u0026tag=3.20-12"
}
}
},
{
"category": "product_version",
"name": "devspaces/server-rhel9@sha256:c12a41f6dfda6df2d532cc9c02e537c4fdcf52c7ec3ebb597bba38f1fe9eb040_ppc64le",
"product": {
"name": "devspaces/server-rhel9@sha256:c12a41f6dfda6df2d532cc9c02e537c4fdcf52c7ec3ebb597bba38f1fe9eb040_ppc64le",
"product_id": "devspaces/server-rhel9@sha256:c12a41f6dfda6df2d532cc9c02e537c4fdcf52c7ec3ebb597bba38f1fe9eb040_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256:c12a41f6dfda6df2d532cc9c02e537c4fdcf52c7ec3ebb597bba38f1fe9eb040?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/server-rhel9\u0026tag=3.20-13"
}
}
},
{
"category": "product_version",
"name": "devspaces/traefik-rhel9@sha256:07939c868b6db934987241cdd6bef796bcc3fe3f0baf2ab940d1f6bf190141a5_ppc64le",
"product": {
"name": "devspaces/traefik-rhel9@sha256:07939c868b6db934987241cdd6bef796bcc3fe3f0baf2ab940d1f6bf190141a5_ppc64le",
"product_id": "devspaces/traefik-rhel9@sha256:07939c868b6db934987241cdd6bef796bcc3fe3f0baf2ab940d1f6bf190141a5_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256:07939c868b6db934987241cdd6bef796bcc3fe3f0baf2ab940d1f6bf190141a5?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-base-rhel9@sha256:9df8324b79247bd77ad74b8948ff134db72559e88c53fab3a1259b7113a677d9_ppc64le",
"product": {
"name": "devspaces/udi-base-rhel9@sha256:9df8324b79247bd77ad74b8948ff134db72559e88c53fab3a1259b7113a677d9_ppc64le",
"product_id": "devspaces/udi-base-rhel9@sha256:9df8324b79247bd77ad74b8948ff134db72559e88c53fab3a1259b7113a677d9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256:9df8324b79247bd77ad74b8948ff134db72559e88c53fab3a1259b7113a677d9?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-rhel9@sha256:8d0dbdfa02c2f09576916271aeb0cfeeffc6554c02ee95035bf827de75809017_ppc64le",
"product": {
"name": "devspaces/udi-rhel9@sha256:8d0dbdfa02c2f09576916271aeb0cfeeffc6554c02ee95035bf827de75809017_ppc64le",
"product_id": "devspaces/udi-rhel9@sha256:8d0dbdfa02c2f09576916271aeb0cfeeffc6554c02ee95035bf827de75809017_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256:8d0dbdfa02c2f09576916271aeb0cfeeffc6554c02ee95035bf827de75809017?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/udi-rhel9\u0026tag=3.20-8"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "devspaces/code-rhel9@sha256:e0ddb90fb05f486b80fe1c0e7222bc6dd90071f762ab8fd8cfc45a39faa020b0_s390x",
"product": {
"name": "devspaces/code-rhel9@sha256:e0ddb90fb05f486b80fe1c0e7222bc6dd90071f762ab8fd8cfc45a39faa020b0_s390x",
"product_id": "devspaces/code-rhel9@sha256:e0ddb90fb05f486b80fe1c0e7222bc6dd90071f762ab8fd8cfc45a39faa020b0_s390x",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256:e0ddb90fb05f486b80fe1c0e7222bc6dd90071f762ab8fd8cfc45a39faa020b0?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/code-rhel9\u0026tag=3.20-5"
}
}
},
{
"category": "product_version",
"name": "devspaces/configbump-rhel9@sha256:effcd9952d7714b29c9496cf632d8e8ad1f5e1fffe4a46e59d57da42490da840_s390x",
"product": {
"name": "devspaces/configbump-rhel9@sha256:effcd9952d7714b29c9496cf632d8e8ad1f5e1fffe4a46e59d57da42490da840_s390x",
"product_id": "devspaces/configbump-rhel9@sha256:effcd9952d7714b29c9496cf632d8e8ad1f5e1fffe4a46e59d57da42490da840_s390x",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256:effcd9952d7714b29c9496cf632d8e8ad1f5e1fffe4a46e59d57da42490da840?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel9\u0026tag=3.20-5"
}
}
},
{
"category": "product_version",
"name": "devspaces/dashboard-rhel9@sha256:f3066189610abf7be0b9d2e827a108d6cdfcdd1a26dea8bb426af669b40d12ff_s390x",
"product": {
"name": "devspaces/dashboard-rhel9@sha256:f3066189610abf7be0b9d2e827a108d6cdfcdd1a26dea8bb426af669b40d12ff_s390x",
"product_id": "devspaces/dashboard-rhel9@sha256:f3066189610abf7be0b9d2e827a108d6cdfcdd1a26dea8bb426af669b40d12ff_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256:f3066189610abf7be0b9d2e827a108d6cdfcdd1a26dea8bb426af669b40d12ff?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel9\u0026tag=3.20-7"
}
}
},
{
"category": "product_version",
"name": "devspaces/imagepuller-rhel9@sha256:ef04c7de41b9b0f5b53d7a8ac39121c509070a6023d75c1cf8f32301ab356567_s390x",
"product": {
"name": "devspaces/imagepuller-rhel9@sha256:ef04c7de41b9b0f5b53d7a8ac39121c509070a6023d75c1cf8f32301ab356567_s390x",
"product_id": "devspaces/imagepuller-rhel9@sha256:ef04c7de41b9b0f5b53d7a8ac39121c509070a6023d75c1cf8f32301ab356567_s390x",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256:ef04c7de41b9b0f5b53d7a8ac39121c509070a6023d75c1cf8f32301ab356567?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:1213f967cbe599166dcaa07280cf27c48cbb5c3e2828df278090fb1aa4636c8c_s390x",
"product": {
"name": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:1213f967cbe599166dcaa07280cf27c48cbb5c3e2828df278090fb1aa4636c8c_s390x",
"product_id": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:1213f967cbe599166dcaa07280cf27c48cbb5c3e2828df278090fb1aa4636c8c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256:1213f967cbe599166dcaa07280cf27c48cbb5c3e2828df278090fb1aa4636c8c?arch=s390x\u0026repository_url=registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9\u0026tag=3.20-7"
}
}
},
{
"category": "product_version",
"name": "devspaces/machineexec-rhel9@sha256:134c31698768c99170eb6d27d6283b5f18459dec70fda9137ec0aac2ac60c324_s390x",
"product": {
"name": "devspaces/machineexec-rhel9@sha256:134c31698768c99170eb6d27d6283b5f18459dec70fda9137ec0aac2ac60c324_s390x",
"product_id": "devspaces/machineexec-rhel9@sha256:134c31698768c99170eb6d27d6283b5f18459dec70fda9137ec0aac2ac60c324_s390x",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel9@sha256:134c31698768c99170eb6d27d6283b5f18459dec70fda9137ec0aac2ac60c324?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-operator-bundle@sha256:091d2d34fbd525a7e9b2c4b1b8eef5283039dfcaac597bece9f4ad0236d1cbf9_s390x",
"product": {
"name": "devspaces/devspaces-operator-bundle@sha256:091d2d34fbd525a7e9b2c4b1b8eef5283039dfcaac597bece9f4ad0236d1cbf9_s390x",
"product_id": "devspaces/devspaces-operator-bundle@sha256:091d2d34fbd525a7e9b2c4b1b8eef5283039dfcaac597bece9f4ad0236d1cbf9_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256:091d2d34fbd525a7e9b2c4b1b8eef5283039dfcaac597bece9f4ad0236d1cbf9?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.20-21"
}
}
},
{
"category": "product_version",
"name": "devspaces/pluginregistry-rhel9@sha256:54de6ce2c4b3a652b5af186490c65a07c4434d253548596f355b3cd3d4f1bd9b_s390x",
"product": {
"name": "devspaces/pluginregistry-rhel9@sha256:54de6ce2c4b3a652b5af186490c65a07c4434d253548596f355b3cd3d4f1bd9b_s390x",
"product_id": "devspaces/pluginregistry-rhel9@sha256:54de6ce2c4b3a652b5af186490c65a07c4434d253548596f355b3cd3d4f1bd9b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256:54de6ce2c4b3a652b5af186490c65a07c4434d253548596f355b3cd3d4f1bd9b?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel9\u0026tag=3.20-6"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-rhel9-operator@sha256:d08147821133be235c9048e9b815576d38560f8e9745d64cf6ba1123dc3e3f89_s390x",
"product": {
"name": "devspaces/devspaces-rhel9-operator@sha256:d08147821133be235c9048e9b815576d38560f8e9745d64cf6ba1123dc3e3f89_s390x",
"product_id": "devspaces/devspaces-rhel9-operator@sha256:d08147821133be235c9048e9b815576d38560f8e9745d64cf6ba1123dc3e3f89_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256:d08147821133be235c9048e9b815576d38560f8e9745d64cf6ba1123dc3e3f89?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel9-operator\u0026tag=3.20-12"
}
}
},
{
"category": "product_version",
"name": "devspaces/server-rhel9@sha256:7e1b73c1d0ba5325bc430c8d01efa1e563f09bb34c1a88a4cf77a9001c7e955a_s390x",
"product": {
"name": "devspaces/server-rhel9@sha256:7e1b73c1d0ba5325bc430c8d01efa1e563f09bb34c1a88a4cf77a9001c7e955a_s390x",
"product_id": "devspaces/server-rhel9@sha256:7e1b73c1d0ba5325bc430c8d01efa1e563f09bb34c1a88a4cf77a9001c7e955a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256:7e1b73c1d0ba5325bc430c8d01efa1e563f09bb34c1a88a4cf77a9001c7e955a?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/server-rhel9\u0026tag=3.20-13"
}
}
},
{
"category": "product_version",
"name": "devspaces/traefik-rhel9@sha256:01e231b75154957ecf5fa3f0d201f648d8558c6cfd7294a49865ff857316ee89_s390x",
"product": {
"name": "devspaces/traefik-rhel9@sha256:01e231b75154957ecf5fa3f0d201f648d8558c6cfd7294a49865ff857316ee89_s390x",
"product_id": "devspaces/traefik-rhel9@sha256:01e231b75154957ecf5fa3f0d201f648d8558c6cfd7294a49865ff857316ee89_s390x",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256:01e231b75154957ecf5fa3f0d201f648d8558c6cfd7294a49865ff857316ee89?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-base-rhel9@sha256:5ca1c51f319331e9040acdc25bacab449c812165d11da5deb40f72a7ccf9824d_s390x",
"product": {
"name": "devspaces/udi-base-rhel9@sha256:5ca1c51f319331e9040acdc25bacab449c812165d11da5deb40f72a7ccf9824d_s390x",
"product_id": "devspaces/udi-base-rhel9@sha256:5ca1c51f319331e9040acdc25bacab449c812165d11da5deb40f72a7ccf9824d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256:5ca1c51f319331e9040acdc25bacab449c812165d11da5deb40f72a7ccf9824d?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-rhel9@sha256:5997b680718b3b4cd7f19b0c59774ce5f7827926c7f679a55cfd608c26cff7dc_s390x",
"product": {
"name": "devspaces/udi-rhel9@sha256:5997b680718b3b4cd7f19b0c59774ce5f7827926c7f679a55cfd608c26cff7dc_s390x",
"product_id": "devspaces/udi-rhel9@sha256:5997b680718b3b4cd7f19b0c59774ce5f7827926c7f679a55cfd608c26cff7dc_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256:5997b680718b3b4cd7f19b0c59774ce5f7827926c7f679a55cfd608c26cff7dc?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/udi-rhel9\u0026tag=3.20-8"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "devspaces/code-rhel9@sha256:d956ac914d55184d56a5f5dee491254f5267c0fbc984a1171429e3a234872a84_amd64",
"product": {
"name": "devspaces/code-rhel9@sha256:d956ac914d55184d56a5f5dee491254f5267c0fbc984a1171429e3a234872a84_amd64",
"product_id": "devspaces/code-rhel9@sha256:d956ac914d55184d56a5f5dee491254f5267c0fbc984a1171429e3a234872a84_amd64",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256:d956ac914d55184d56a5f5dee491254f5267c0fbc984a1171429e3a234872a84?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/code-rhel9\u0026tag=3.20-5"
}
}
},
{
"category": "product_version",
"name": "devspaces/configbump-rhel9@sha256:0b605af925e0664d9f6a89c2460cbe56b6af3979bc394e97518a1ce64756dccb_amd64",
"product": {
"name": "devspaces/configbump-rhel9@sha256:0b605af925e0664d9f6a89c2460cbe56b6af3979bc394e97518a1ce64756dccb_amd64",
"product_id": "devspaces/configbump-rhel9@sha256:0b605af925e0664d9f6a89c2460cbe56b6af3979bc394e97518a1ce64756dccb_amd64",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256:0b605af925e0664d9f6a89c2460cbe56b6af3979bc394e97518a1ce64756dccb?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel9\u0026tag=3.20-5"
}
}
},
{
"category": "product_version",
"name": "devspaces/dashboard-rhel9@sha256:63c5caa6688b3aae3aee9c58e497b1afc7b9b0638eb83a3627eed3004fca11c3_amd64",
"product": {
"name": "devspaces/dashboard-rhel9@sha256:63c5caa6688b3aae3aee9c58e497b1afc7b9b0638eb83a3627eed3004fca11c3_amd64",
"product_id": "devspaces/dashboard-rhel9@sha256:63c5caa6688b3aae3aee9c58e497b1afc7b9b0638eb83a3627eed3004fca11c3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256:63c5caa6688b3aae3aee9c58e497b1afc7b9b0638eb83a3627eed3004fca11c3?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel9\u0026tag=3.20-7"
}
}
},
{
"category": "product_version",
"name": "devspaces-tech-preview/idea-rhel9@sha256:4e822fa90a85d0321e809dc028f6a72b1e47a3bb7173143d79206b9b8af55b7e_amd64",
"product": {
"name": "devspaces-tech-preview/idea-rhel9@sha256:4e822fa90a85d0321e809dc028f6a72b1e47a3bb7173143d79206b9b8af55b7e_amd64",
"product_id": "devspaces-tech-preview/idea-rhel9@sha256:4e822fa90a85d0321e809dc028f6a72b1e47a3bb7173143d79206b9b8af55b7e_amd64",
"product_identification_helper": {
"purl": "pkg:oci/idea-rhel9@sha256:4e822fa90a85d0321e809dc028f6a72b1e47a3bb7173143d79206b9b8af55b7e?arch=amd64\u0026repository_url=registry.redhat.io/devspaces-tech-preview/idea-rhel9\u0026tag=3.20-2"
}
}
},
{
"category": "product_version",
"name": "devspaces/imagepuller-rhel9@sha256:6987db3152cec7edcf50dbe86d50a5dcdb4923b0879212711b062718a1e4b162_amd64",
"product": {
"name": "devspaces/imagepuller-rhel9@sha256:6987db3152cec7edcf50dbe86d50a5dcdb4923b0879212711b062718a1e4b162_amd64",
"product_id": "devspaces/imagepuller-rhel9@sha256:6987db3152cec7edcf50dbe86d50a5dcdb4923b0879212711b062718a1e4b162_amd64",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256:6987db3152cec7edcf50dbe86d50a5dcdb4923b0879212711b062718a1e4b162?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:13e0884bb5ae5129350025beea1cbd2a6fdd9087718f6e085738a048629519b9_amd64",
"product": {
"name": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:13e0884bb5ae5129350025beea1cbd2a6fdd9087718f6e085738a048629519b9_amd64",
"product_id": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:13e0884bb5ae5129350025beea1cbd2a6fdd9087718f6e085738a048629519b9_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256:13e0884bb5ae5129350025beea1cbd2a6fdd9087718f6e085738a048629519b9?arch=amd64\u0026repository_url=registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9\u0026tag=3.20-7"
}
}
},
{
"category": "product_version",
"name": "devspaces/machineexec-rhel9@sha256:be8e49378081f05fafba369f406d1cd211ca49e8fac21ce25176ab543094ae13_amd64",
"product": {
"name": "devspaces/machineexec-rhel9@sha256:be8e49378081f05fafba369f406d1cd211ca49e8fac21ce25176ab543094ae13_amd64",
"product_id": "devspaces/machineexec-rhel9@sha256:be8e49378081f05fafba369f406d1cd211ca49e8fac21ce25176ab543094ae13_amd64",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel9@sha256:be8e49378081f05fafba369f406d1cd211ca49e8fac21ce25176ab543094ae13?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-operator-bundle@sha256:a577adb2dbaddcf1ebdcec2a7c4d0a6b3a948fcf55d9890749f1605e8142b8d8_amd64",
"product": {
"name": "devspaces/devspaces-operator-bundle@sha256:a577adb2dbaddcf1ebdcec2a7c4d0a6b3a948fcf55d9890749f1605e8142b8d8_amd64",
"product_id": "devspaces/devspaces-operator-bundle@sha256:a577adb2dbaddcf1ebdcec2a7c4d0a6b3a948fcf55d9890749f1605e8142b8d8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256:a577adb2dbaddcf1ebdcec2a7c4d0a6b3a948fcf55d9890749f1605e8142b8d8?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.20-21"
}
}
},
{
"category": "product_version",
"name": "devspaces/pluginregistry-rhel9@sha256:fdd3cdce6f5d0308b19f84dbe31b746c3400c67b675a173e8062dfa593290e51_amd64",
"product": {
"name": "devspaces/pluginregistry-rhel9@sha256:fdd3cdce6f5d0308b19f84dbe31b746c3400c67b675a173e8062dfa593290e51_amd64",
"product_id": "devspaces/pluginregistry-rhel9@sha256:fdd3cdce6f5d0308b19f84dbe31b746c3400c67b675a173e8062dfa593290e51_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256:fdd3cdce6f5d0308b19f84dbe31b746c3400c67b675a173e8062dfa593290e51?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel9\u0026tag=3.20-6"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-rhel9-operator@sha256:c3ad009df338a94aed8ca3d4d069bee447ce8b64291bc702fcfa408429108a80_amd64",
"product": {
"name": "devspaces/devspaces-rhel9-operator@sha256:c3ad009df338a94aed8ca3d4d069bee447ce8b64291bc702fcfa408429108a80_amd64",
"product_id": "devspaces/devspaces-rhel9-operator@sha256:c3ad009df338a94aed8ca3d4d069bee447ce8b64291bc702fcfa408429108a80_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256:c3ad009df338a94aed8ca3d4d069bee447ce8b64291bc702fcfa408429108a80?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel9-operator\u0026tag=3.20-12"
}
}
},
{
"category": "product_version",
"name": "devspaces/server-rhel9@sha256:cb4010ab30ac7e6d063fc7b746f1af3b811218e102013554f2f1969f6a237b20_amd64",
"product": {
"name": "devspaces/server-rhel9@sha256:cb4010ab30ac7e6d063fc7b746f1af3b811218e102013554f2f1969f6a237b20_amd64",
"product_id": "devspaces/server-rhel9@sha256:cb4010ab30ac7e6d063fc7b746f1af3b811218e102013554f2f1969f6a237b20_amd64",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256:cb4010ab30ac7e6d063fc7b746f1af3b811218e102013554f2f1969f6a237b20?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/server-rhel9\u0026tag=3.20-13"
}
}
},
{
"category": "product_version",
"name": "devspaces/traefik-rhel9@sha256:193abc8712f684e9ed2d4b13b338ff20e3b29c07d433a7a73b0a7b152fff335d_amd64",
"product": {
"name": "devspaces/traefik-rhel9@sha256:193abc8712f684e9ed2d4b13b338ff20e3b29c07d433a7a73b0a7b152fff335d_amd64",
"product_id": "devspaces/traefik-rhel9@sha256:193abc8712f684e9ed2d4b13b338ff20e3b29c07d433a7a73b0a7b152fff335d_amd64",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256:193abc8712f684e9ed2d4b13b338ff20e3b29c07d433a7a73b0a7b152fff335d?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-base-rhel9@sha256:37984d3f5b7450fc01b101e1635430147b20ecf03b1e79abe6f6b350fa7be1c1_amd64",
"product": {
"name": "devspaces/udi-base-rhel9@sha256:37984d3f5b7450fc01b101e1635430147b20ecf03b1e79abe6f6b350fa7be1c1_amd64",
"product_id": "devspaces/udi-base-rhel9@sha256:37984d3f5b7450fc01b101e1635430147b20ecf03b1e79abe6f6b350fa7be1c1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256:37984d3f5b7450fc01b101e1635430147b20ecf03b1e79abe6f6b350fa7be1c1?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-rhel9@sha256:a2bdfc8f71be04e61c6175ca533a4d759a69a297398319ddc751b5ffd9a4e3ef_amd64",
"product": {
"name": "devspaces/udi-rhel9@sha256:a2bdfc8f71be04e61c6175ca533a4d759a69a297398319ddc751b5ffd9a4e3ef_amd64",
"product_id": "devspaces/udi-rhel9@sha256:a2bdfc8f71be04e61c6175ca533a4d759a69a297398319ddc751b5ffd9a4e3ef_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256:a2bdfc8f71be04e61c6175ca533a4d759a69a297398319ddc751b5ffd9a4e3ef?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/udi-rhel9\u0026tag=3.20-8"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces-tech-preview/idea-rhel9@sha256:4e822fa90a85d0321e809dc028f6a72b1e47a3bb7173143d79206b9b8af55b7e_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:4e822fa90a85d0321e809dc028f6a72b1e47a3bb7173143d79206b9b8af55b7e_amd64"
},
"product_reference": "devspaces-tech-preview/idea-rhel9@sha256:4e822fa90a85d0321e809dc028f6a72b1e47a3bb7173143d79206b9b8af55b7e_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:1213f967cbe599166dcaa07280cf27c48cbb5c3e2828df278090fb1aa4636c8c_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:1213f967cbe599166dcaa07280cf27c48cbb5c3e2828df278090fb1aa4636c8c_s390x"
},
"product_reference": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:1213f967cbe599166dcaa07280cf27c48cbb5c3e2828df278090fb1aa4636c8c_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:13e0884bb5ae5129350025beea1cbd2a6fdd9087718f6e085738a048629519b9_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:13e0884bb5ae5129350025beea1cbd2a6fdd9087718f6e085738a048629519b9_amd64"
},
"product_reference": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:13e0884bb5ae5129350025beea1cbd2a6fdd9087718f6e085738a048629519b9_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:c2322954825785303dc48f29c5176bc173f58ab3215b0c710000bdcee08458be_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:c2322954825785303dc48f29c5176bc173f58ab3215b0c710000bdcee08458be_ppc64le"
},
"product_reference": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:c2322954825785303dc48f29c5176bc173f58ab3215b0c710000bdcee08458be_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/code-rhel9@sha256:d956ac914d55184d56a5f5dee491254f5267c0fbc984a1171429e3a234872a84_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d956ac914d55184d56a5f5dee491254f5267c0fbc984a1171429e3a234872a84_amd64"
},
"product_reference": "devspaces/code-rhel9@sha256:d956ac914d55184d56a5f5dee491254f5267c0fbc984a1171429e3a234872a84_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/code-rhel9@sha256:e0ddb90fb05f486b80fe1c0e7222bc6dd90071f762ab8fd8cfc45a39faa020b0_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e0ddb90fb05f486b80fe1c0e7222bc6dd90071f762ab8fd8cfc45a39faa020b0_s390x"
},
"product_reference": "devspaces/code-rhel9@sha256:e0ddb90fb05f486b80fe1c0e7222bc6dd90071f762ab8fd8cfc45a39faa020b0_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/code-rhel9@sha256:e10c4f241fb1dfa9437e453b65ed57ca79550e487f16bc6742d6c1359824dcc0_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e10c4f241fb1dfa9437e453b65ed57ca79550e487f16bc6742d6c1359824dcc0_ppc64le"
},
"product_reference": "devspaces/code-rhel9@sha256:e10c4f241fb1dfa9437e453b65ed57ca79550e487f16bc6742d6c1359824dcc0_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/configbump-rhel9@sha256:0b605af925e0664d9f6a89c2460cbe56b6af3979bc394e97518a1ce64756dccb_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:0b605af925e0664d9f6a89c2460cbe56b6af3979bc394e97518a1ce64756dccb_amd64"
},
"product_reference": "devspaces/configbump-rhel9@sha256:0b605af925e0664d9f6a89c2460cbe56b6af3979bc394e97518a1ce64756dccb_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/configbump-rhel9@sha256:3ece40e4a3862dc29d9bb41f407117fc52db2ca8208a1dabe82eea28e7a9ba29_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:3ece40e4a3862dc29d9bb41f407117fc52db2ca8208a1dabe82eea28e7a9ba29_ppc64le"
},
"product_reference": "devspaces/configbump-rhel9@sha256:3ece40e4a3862dc29d9bb41f407117fc52db2ca8208a1dabe82eea28e7a9ba29_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/configbump-rhel9@sha256:effcd9952d7714b29c9496cf632d8e8ad1f5e1fffe4a46e59d57da42490da840_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:effcd9952d7714b29c9496cf632d8e8ad1f5e1fffe4a46e59d57da42490da840_s390x"
},
"product_reference": "devspaces/configbump-rhel9@sha256:effcd9952d7714b29c9496cf632d8e8ad1f5e1fffe4a46e59d57da42490da840_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/dashboard-rhel9@sha256:63c5caa6688b3aae3aee9c58e497b1afc7b9b0638eb83a3627eed3004fca11c3_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:63c5caa6688b3aae3aee9c58e497b1afc7b9b0638eb83a3627eed3004fca11c3_amd64"
},
"product_reference": "devspaces/dashboard-rhel9@sha256:63c5caa6688b3aae3aee9c58e497b1afc7b9b0638eb83a3627eed3004fca11c3_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/dashboard-rhel9@sha256:f3066189610abf7be0b9d2e827a108d6cdfcdd1a26dea8bb426af669b40d12ff_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f3066189610abf7be0b9d2e827a108d6cdfcdd1a26dea8bb426af669b40d12ff_s390x"
},
"product_reference": "devspaces/dashboard-rhel9@sha256:f3066189610abf7be0b9d2e827a108d6cdfcdd1a26dea8bb426af669b40d12ff_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/dashboard-rhel9@sha256:f99e4373e39a70c99f4c67cd1a10483c99310e478e5a8b840ab114d11ed2ebd3_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f99e4373e39a70c99f4c67cd1a10483c99310e478e5a8b840ab114d11ed2ebd3_ppc64le"
},
"product_reference": "devspaces/dashboard-rhel9@sha256:f99e4373e39a70c99f4c67cd1a10483c99310e478e5a8b840ab114d11ed2ebd3_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-operator-bundle@sha256:091d2d34fbd525a7e9b2c4b1b8eef5283039dfcaac597bece9f4ad0236d1cbf9_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:091d2d34fbd525a7e9b2c4b1b8eef5283039dfcaac597bece9f4ad0236d1cbf9_s390x"
},
"product_reference": "devspaces/devspaces-operator-bundle@sha256:091d2d34fbd525a7e9b2c4b1b8eef5283039dfcaac597bece9f4ad0236d1cbf9_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-operator-bundle@sha256:1bf0e4367621ed8fef30b5fbd6fbffa59731ecb20cbb8c9772015f8958198a16_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:1bf0e4367621ed8fef30b5fbd6fbffa59731ecb20cbb8c9772015f8958198a16_ppc64le"
},
"product_reference": "devspaces/devspaces-operator-bundle@sha256:1bf0e4367621ed8fef30b5fbd6fbffa59731ecb20cbb8c9772015f8958198a16_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-operator-bundle@sha256:a577adb2dbaddcf1ebdcec2a7c4d0a6b3a948fcf55d9890749f1605e8142b8d8_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a577adb2dbaddcf1ebdcec2a7c4d0a6b3a948fcf55d9890749f1605e8142b8d8_amd64"
},
"product_reference": "devspaces/devspaces-operator-bundle@sha256:a577adb2dbaddcf1ebdcec2a7c4d0a6b3a948fcf55d9890749f1605e8142b8d8_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-rhel9-operator@sha256:1fe43138f2ee8603e1f7aa2f9ade87a09099312836b79b606f09c6ded655c2a2_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:1fe43138f2ee8603e1f7aa2f9ade87a09099312836b79b606f09c6ded655c2a2_ppc64le"
},
"product_reference": "devspaces/devspaces-rhel9-operator@sha256:1fe43138f2ee8603e1f7aa2f9ade87a09099312836b79b606f09c6ded655c2a2_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-rhel9-operator@sha256:c3ad009df338a94aed8ca3d4d069bee447ce8b64291bc702fcfa408429108a80_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:c3ad009df338a94aed8ca3d4d069bee447ce8b64291bc702fcfa408429108a80_amd64"
},
"product_reference": "devspaces/devspaces-rhel9-operator@sha256:c3ad009df338a94aed8ca3d4d069bee447ce8b64291bc702fcfa408429108a80_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-rhel9-operator@sha256:d08147821133be235c9048e9b815576d38560f8e9745d64cf6ba1123dc3e3f89_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:d08147821133be235c9048e9b815576d38560f8e9745d64cf6ba1123dc3e3f89_s390x"
},
"product_reference": "devspaces/devspaces-rhel9-operator@sha256:d08147821133be235c9048e9b815576d38560f8e9745d64cf6ba1123dc3e3f89_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/imagepuller-rhel9@sha256:01217396dfa1ffa44e9cf6b384093a7b6946135fd8fa122083ac6062a3790a2d_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:01217396dfa1ffa44e9cf6b384093a7b6946135fd8fa122083ac6062a3790a2d_ppc64le"
},
"product_reference": "devspaces/imagepuller-rhel9@sha256:01217396dfa1ffa44e9cf6b384093a7b6946135fd8fa122083ac6062a3790a2d_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/imagepuller-rhel9@sha256:6987db3152cec7edcf50dbe86d50a5dcdb4923b0879212711b062718a1e4b162_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6987db3152cec7edcf50dbe86d50a5dcdb4923b0879212711b062718a1e4b162_amd64"
},
"product_reference": "devspaces/imagepuller-rhel9@sha256:6987db3152cec7edcf50dbe86d50a5dcdb4923b0879212711b062718a1e4b162_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/imagepuller-rhel9@sha256:ef04c7de41b9b0f5b53d7a8ac39121c509070a6023d75c1cf8f32301ab356567_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:ef04c7de41b9b0f5b53d7a8ac39121c509070a6023d75c1cf8f32301ab356567_s390x"
},
"product_reference": "devspaces/imagepuller-rhel9@sha256:ef04c7de41b9b0f5b53d7a8ac39121c509070a6023d75c1cf8f32301ab356567_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/machineexec-rhel9@sha256:134c31698768c99170eb6d27d6283b5f18459dec70fda9137ec0aac2ac60c324_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:134c31698768c99170eb6d27d6283b5f18459dec70fda9137ec0aac2ac60c324_s390x"
},
"product_reference": "devspaces/machineexec-rhel9@sha256:134c31698768c99170eb6d27d6283b5f18459dec70fda9137ec0aac2ac60c324_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/machineexec-rhel9@sha256:be8e49378081f05fafba369f406d1cd211ca49e8fac21ce25176ab543094ae13_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:be8e49378081f05fafba369f406d1cd211ca49e8fac21ce25176ab543094ae13_amd64"
},
"product_reference": "devspaces/machineexec-rhel9@sha256:be8e49378081f05fafba369f406d1cd211ca49e8fac21ce25176ab543094ae13_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/machineexec-rhel9@sha256:ea043fb015e82632de477f17a94e0b9dd31b34312c0214fd2b8128e0d71ba716_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ea043fb015e82632de477f17a94e0b9dd31b34312c0214fd2b8128e0d71ba716_ppc64le"
},
"product_reference": "devspaces/machineexec-rhel9@sha256:ea043fb015e82632de477f17a94e0b9dd31b34312c0214fd2b8128e0d71ba716_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/pluginregistry-rhel9@sha256:54de6ce2c4b3a652b5af186490c65a07c4434d253548596f355b3cd3d4f1bd9b_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:54de6ce2c4b3a652b5af186490c65a07c4434d253548596f355b3cd3d4f1bd9b_s390x"
},
"product_reference": "devspaces/pluginregistry-rhel9@sha256:54de6ce2c4b3a652b5af186490c65a07c4434d253548596f355b3cd3d4f1bd9b_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/pluginregistry-rhel9@sha256:f9d32726831f630601ad041898282bb5eaa50e81d6f8aeae6cf4a6fe272c37a6_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:f9d32726831f630601ad041898282bb5eaa50e81d6f8aeae6cf4a6fe272c37a6_ppc64le"
},
"product_reference": "devspaces/pluginregistry-rhel9@sha256:f9d32726831f630601ad041898282bb5eaa50e81d6f8aeae6cf4a6fe272c37a6_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/pluginregistry-rhel9@sha256:fdd3cdce6f5d0308b19f84dbe31b746c3400c67b675a173e8062dfa593290e51_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:fdd3cdce6f5d0308b19f84dbe31b746c3400c67b675a173e8062dfa593290e51_amd64"
},
"product_reference": "devspaces/pluginregistry-rhel9@sha256:fdd3cdce6f5d0308b19f84dbe31b746c3400c67b675a173e8062dfa593290e51_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/server-rhel9@sha256:7e1b73c1d0ba5325bc430c8d01efa1e563f09bb34c1a88a4cf77a9001c7e955a_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:7e1b73c1d0ba5325bc430c8d01efa1e563f09bb34c1a88a4cf77a9001c7e955a_s390x"
},
"product_reference": "devspaces/server-rhel9@sha256:7e1b73c1d0ba5325bc430c8d01efa1e563f09bb34c1a88a4cf77a9001c7e955a_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/server-rhel9@sha256:c12a41f6dfda6df2d532cc9c02e537c4fdcf52c7ec3ebb597bba38f1fe9eb040_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:c12a41f6dfda6df2d532cc9c02e537c4fdcf52c7ec3ebb597bba38f1fe9eb040_ppc64le"
},
"product_reference": "devspaces/server-rhel9@sha256:c12a41f6dfda6df2d532cc9c02e537c4fdcf52c7ec3ebb597bba38f1fe9eb040_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/server-rhel9@sha256:cb4010ab30ac7e6d063fc7b746f1af3b811218e102013554f2f1969f6a237b20_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:cb4010ab30ac7e6d063fc7b746f1af3b811218e102013554f2f1969f6a237b20_amd64"
},
"product_reference": "devspaces/server-rhel9@sha256:cb4010ab30ac7e6d063fc7b746f1af3b811218e102013554f2f1969f6a237b20_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/traefik-rhel9@sha256:01e231b75154957ecf5fa3f0d201f648d8558c6cfd7294a49865ff857316ee89_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:01e231b75154957ecf5fa3f0d201f648d8558c6cfd7294a49865ff857316ee89_s390x"
},
"product_reference": "devspaces/traefik-rhel9@sha256:01e231b75154957ecf5fa3f0d201f648d8558c6cfd7294a49865ff857316ee89_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/traefik-rhel9@sha256:07939c868b6db934987241cdd6bef796bcc3fe3f0baf2ab940d1f6bf190141a5_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:07939c868b6db934987241cdd6bef796bcc3fe3f0baf2ab940d1f6bf190141a5_ppc64le"
},
"product_reference": "devspaces/traefik-rhel9@sha256:07939c868b6db934987241cdd6bef796bcc3fe3f0baf2ab940d1f6bf190141a5_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/traefik-rhel9@sha256:193abc8712f684e9ed2d4b13b338ff20e3b29c07d433a7a73b0a7b152fff335d_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:193abc8712f684e9ed2d4b13b338ff20e3b29c07d433a7a73b0a7b152fff335d_amd64"
},
"product_reference": "devspaces/traefik-rhel9@sha256:193abc8712f684e9ed2d4b13b338ff20e3b29c07d433a7a73b0a7b152fff335d_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-base-rhel9@sha256:37984d3f5b7450fc01b101e1635430147b20ecf03b1e79abe6f6b350fa7be1c1_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:37984d3f5b7450fc01b101e1635430147b20ecf03b1e79abe6f6b350fa7be1c1_amd64"
},
"product_reference": "devspaces/udi-base-rhel9@sha256:37984d3f5b7450fc01b101e1635430147b20ecf03b1e79abe6f6b350fa7be1c1_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-base-rhel9@sha256:5ca1c51f319331e9040acdc25bacab449c812165d11da5deb40f72a7ccf9824d_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:5ca1c51f319331e9040acdc25bacab449c812165d11da5deb40f72a7ccf9824d_s390x"
},
"product_reference": "devspaces/udi-base-rhel9@sha256:5ca1c51f319331e9040acdc25bacab449c812165d11da5deb40f72a7ccf9824d_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-base-rhel9@sha256:9df8324b79247bd77ad74b8948ff134db72559e88c53fab3a1259b7113a677d9_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:9df8324b79247bd77ad74b8948ff134db72559e88c53fab3a1259b7113a677d9_ppc64le"
},
"product_reference": "devspaces/udi-base-rhel9@sha256:9df8324b79247bd77ad74b8948ff134db72559e88c53fab3a1259b7113a677d9_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-rhel9@sha256:5997b680718b3b4cd7f19b0c59774ce5f7827926c7f679a55cfd608c26cff7dc_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:5997b680718b3b4cd7f19b0c59774ce5f7827926c7f679a55cfd608c26cff7dc_s390x"
},
"product_reference": "devspaces/udi-rhel9@sha256:5997b680718b3b4cd7f19b0c59774ce5f7827926c7f679a55cfd608c26cff7dc_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-rhel9@sha256:8d0dbdfa02c2f09576916271aeb0cfeeffc6554c02ee95035bf827de75809017_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:8d0dbdfa02c2f09576916271aeb0cfeeffc6554c02ee95035bf827de75809017_ppc64le"
},
"product_reference": "devspaces/udi-rhel9@sha256:8d0dbdfa02c2f09576916271aeb0cfeeffc6554c02ee95035bf827de75809017_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-rhel9@sha256:a2bdfc8f71be04e61c6175ca533a4d759a69a297398319ddc751b5ffd9a4e3ef_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:a2bdfc8f71be04e61c6175ca533a4d759a69a297398319ddc751b5ffd9a4e3ef_amd64"
},
"product_reference": "devspaces/udi-rhel9@sha256:a2bdfc8f71be04e61c6175ca533a4d759a69a297398319ddc751b5ffd9a4e3ef_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12905",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-03-27T17:02:14.911888+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:4e822fa90a85d0321e809dc028f6a72b1e47a3bb7173143d79206b9b8af55b7e_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:1213f967cbe599166dcaa07280cf27c48cbb5c3e2828df278090fb1aa4636c8c_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:13e0884bb5ae5129350025beea1cbd2a6fdd9087718f6e085738a048629519b9_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:c2322954825785303dc48f29c5176bc173f58ab3215b0c710000bdcee08458be_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d956ac914d55184d56a5f5dee491254f5267c0fbc984a1171429e3a234872a84_amd64",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e0ddb90fb05f486b80fe1c0e7222bc6dd90071f762ab8fd8cfc45a39faa020b0_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e10c4f241fb1dfa9437e453b65ed57ca79550e487f16bc6742d6c1359824dcc0_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:0b605af925e0664d9f6a89c2460cbe56b6af3979bc394e97518a1ce64756dccb_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:3ece40e4a3862dc29d9bb41f407117fc52db2ca8208a1dabe82eea28e7a9ba29_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:effcd9952d7714b29c9496cf632d8e8ad1f5e1fffe4a46e59d57da42490da840_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:63c5caa6688b3aae3aee9c58e497b1afc7b9b0638eb83a3627eed3004fca11c3_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f3066189610abf7be0b9d2e827a108d6cdfcdd1a26dea8bb426af669b40d12ff_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f99e4373e39a70c99f4c67cd1a10483c99310e478e5a8b840ab114d11ed2ebd3_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:091d2d34fbd525a7e9b2c4b1b8eef5283039dfcaac597bece9f4ad0236d1cbf9_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:1bf0e4367621ed8fef30b5fbd6fbffa59731ecb20cbb8c9772015f8958198a16_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a577adb2dbaddcf1ebdcec2a7c4d0a6b3a948fcf55d9890749f1605e8142b8d8_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:1fe43138f2ee8603e1f7aa2f9ade87a09099312836b79b606f09c6ded655c2a2_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:c3ad009df338a94aed8ca3d4d069bee447ce8b64291bc702fcfa408429108a80_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:d08147821133be235c9048e9b815576d38560f8e9745d64cf6ba1123dc3e3f89_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:01217396dfa1ffa44e9cf6b384093a7b6946135fd8fa122083ac6062a3790a2d_ppc64le",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6987db3152cec7edcf50dbe86d50a5dcdb4923b0879212711b062718a1e4b162_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:ef04c7de41b9b0f5b53d7a8ac39121c509070a6023d75c1cf8f32301ab356567_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:134c31698768c99170eb6d27d6283b5f18459dec70fda9137ec0aac2ac60c324_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:be8e49378081f05fafba369f406d1cd211ca49e8fac21ce25176ab543094ae13_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ea043fb015e82632de477f17a94e0b9dd31b34312c0214fd2b8128e0d71ba716_ppc64le",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:7e1b73c1d0ba5325bc430c8d01efa1e563f09bb34c1a88a4cf77a9001c7e955a_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:c12a41f6dfda6df2d532cc9c02e537c4fdcf52c7ec3ebb597bba38f1fe9eb040_ppc64le",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:cb4010ab30ac7e6d063fc7b746f1af3b811218e102013554f2f1969f6a237b20_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:01e231b75154957ecf5fa3f0d201f648d8558c6cfd7294a49865ff857316ee89_s390x",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:07939c868b6db934987241cdd6bef796bcc3fe3f0baf2ab940d1f6bf190141a5_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:193abc8712f684e9ed2d4b13b338ff20e3b29c07d433a7a73b0a7b152fff335d_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:37984d3f5b7450fc01b101e1635430147b20ecf03b1e79abe6f6b350fa7be1c1_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:5ca1c51f319331e9040acdc25bacab449c812165d11da5deb40f72a7ccf9824d_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:9df8324b79247bd77ad74b8948ff134db72559e88c53fab3a1259b7113a677d9_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:5997b680718b3b4cd7f19b0c59774ce5f7827926c7f679a55cfd608c26cff7dc_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:8d0dbdfa02c2f09576916271aeb0cfeeffc6554c02ee95035bf827de75809017_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:a2bdfc8f71be04e61c6175ca533a4d759a69a297398319ddc751b5ffd9a4e3ef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2355460"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the tar-fs package for Node.js. In affected versions, unauthorized file writes or overwrites outside the intended extraction directory can occur when extracting a maliciously crafted tar file. The issue is associated with index.js in the tar-fs package.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tar-fs: link following and path traversal via maliciously crafted tar file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an important severity because it allows attackers to extract a malicious tar file that can write or overwrite files outside the intended directory. This occurs due to improper handling of link resolution and pathname limitations. The risk is high for systems that automatically extract tar files, as it can lead to data corruption or unauthorized file modifications without user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:54de6ce2c4b3a652b5af186490c65a07c4434d253548596f355b3cd3d4f1bd9b_s390x",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:f9d32726831f630601ad041898282bb5eaa50e81d6f8aeae6cf4a6fe272c37a6_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:fdd3cdce6f5d0308b19f84dbe31b746c3400c67b675a173e8062dfa593290e51_amd64"
],
"known_not_affected": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:4e822fa90a85d0321e809dc028f6a72b1e47a3bb7173143d79206b9b8af55b7e_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:1213f967cbe599166dcaa07280cf27c48cbb5c3e2828df278090fb1aa4636c8c_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:13e0884bb5ae5129350025beea1cbd2a6fdd9087718f6e085738a048629519b9_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:c2322954825785303dc48f29c5176bc173f58ab3215b0c710000bdcee08458be_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d956ac914d55184d56a5f5dee491254f5267c0fbc984a1171429e3a234872a84_amd64",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e0ddb90fb05f486b80fe1c0e7222bc6dd90071f762ab8fd8cfc45a39faa020b0_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e10c4f241fb1dfa9437e453b65ed57ca79550e487f16bc6742d6c1359824dcc0_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:0b605af925e0664d9f6a89c2460cbe56b6af3979bc394e97518a1ce64756dccb_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:3ece40e4a3862dc29d9bb41f407117fc52db2ca8208a1dabe82eea28e7a9ba29_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:effcd9952d7714b29c9496cf632d8e8ad1f5e1fffe4a46e59d57da42490da840_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:63c5caa6688b3aae3aee9c58e497b1afc7b9b0638eb83a3627eed3004fca11c3_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f3066189610abf7be0b9d2e827a108d6cdfcdd1a26dea8bb426af669b40d12ff_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f99e4373e39a70c99f4c67cd1a10483c99310e478e5a8b840ab114d11ed2ebd3_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:091d2d34fbd525a7e9b2c4b1b8eef5283039dfcaac597bece9f4ad0236d1cbf9_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:1bf0e4367621ed8fef30b5fbd6fbffa59731ecb20cbb8c9772015f8958198a16_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a577adb2dbaddcf1ebdcec2a7c4d0a6b3a948fcf55d9890749f1605e8142b8d8_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:1fe43138f2ee8603e1f7aa2f9ade87a09099312836b79b606f09c6ded655c2a2_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:c3ad009df338a94aed8ca3d4d069bee447ce8b64291bc702fcfa408429108a80_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:d08147821133be235c9048e9b815576d38560f8e9745d64cf6ba1123dc3e3f89_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:01217396dfa1ffa44e9cf6b384093a7b6946135fd8fa122083ac6062a3790a2d_ppc64le",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6987db3152cec7edcf50dbe86d50a5dcdb4923b0879212711b062718a1e4b162_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:ef04c7de41b9b0f5b53d7a8ac39121c509070a6023d75c1cf8f32301ab356567_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:134c31698768c99170eb6d27d6283b5f18459dec70fda9137ec0aac2ac60c324_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:be8e49378081f05fafba369f406d1cd211ca49e8fac21ce25176ab543094ae13_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ea043fb015e82632de477f17a94e0b9dd31b34312c0214fd2b8128e0d71ba716_ppc64le",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:7e1b73c1d0ba5325bc430c8d01efa1e563f09bb34c1a88a4cf77a9001c7e955a_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:c12a41f6dfda6df2d532cc9c02e537c4fdcf52c7ec3ebb597bba38f1fe9eb040_ppc64le",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:cb4010ab30ac7e6d063fc7b746f1af3b811218e102013554f2f1969f6a237b20_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:01e231b75154957ecf5fa3f0d201f648d8558c6cfd7294a49865ff857316ee89_s390x",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:07939c868b6db934987241cdd6bef796bcc3fe3f0baf2ab940d1f6bf190141a5_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:193abc8712f684e9ed2d4b13b338ff20e3b29c07d433a7a73b0a7b152fff335d_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:37984d3f5b7450fc01b101e1635430147b20ecf03b1e79abe6f6b350fa7be1c1_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:5ca1c51f319331e9040acdc25bacab449c812165d11da5deb40f72a7ccf9824d_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:9df8324b79247bd77ad74b8948ff134db72559e88c53fab3a1259b7113a677d9_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:5997b680718b3b4cd7f19b0c59774ce5f7827926c7f679a55cfd608c26cff7dc_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:8d0dbdfa02c2f09576916271aeb0cfeeffc6554c02ee95035bf827de75809017_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:a2bdfc8f71be04e61c6175ca533a4d759a69a297398319ddc751b5ffd9a4e3ef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-12905"
},
{
"category": "external",
"summary": "RHBZ#2355460",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355460"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-12905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12905",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12905"
},
{
"category": "external",
"summary": "https://github.com/mafintosh/tar-fs/commit/a1dd7e7c7f4b4a8bd2ab60f513baca573b44e2ed",
"url": "https://github.com/mafintosh/tar-fs/commit/a1dd7e7c7f4b4a8bd2ab60f513baca573b44e2ed"
}
],
"release_date": "2025-03-27T16:25:34.410000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-16T02:48:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:54de6ce2c4b3a652b5af186490c65a07c4434d253548596f355b3cd3d4f1bd9b_s390x",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:f9d32726831f630601ad041898282bb5eaa50e81d6f8aeae6cf4a6fe272c37a6_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:fdd3cdce6f5d0308b19f84dbe31b746c3400c67b675a173e8062dfa593290e51_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3932"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:4e822fa90a85d0321e809dc028f6a72b1e47a3bb7173143d79206b9b8af55b7e_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:1213f967cbe599166dcaa07280cf27c48cbb5c3e2828df278090fb1aa4636c8c_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:13e0884bb5ae5129350025beea1cbd2a6fdd9087718f6e085738a048629519b9_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:c2322954825785303dc48f29c5176bc173f58ab3215b0c710000bdcee08458be_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d956ac914d55184d56a5f5dee491254f5267c0fbc984a1171429e3a234872a84_amd64",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e0ddb90fb05f486b80fe1c0e7222bc6dd90071f762ab8fd8cfc45a39faa020b0_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e10c4f241fb1dfa9437e453b65ed57ca79550e487f16bc6742d6c1359824dcc0_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:0b605af925e0664d9f6a89c2460cbe56b6af3979bc394e97518a1ce64756dccb_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:3ece40e4a3862dc29d9bb41f407117fc52db2ca8208a1dabe82eea28e7a9ba29_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:effcd9952d7714b29c9496cf632d8e8ad1f5e1fffe4a46e59d57da42490da840_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:63c5caa6688b3aae3aee9c58e497b1afc7b9b0638eb83a3627eed3004fca11c3_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f3066189610abf7be0b9d2e827a108d6cdfcdd1a26dea8bb426af669b40d12ff_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f99e4373e39a70c99f4c67cd1a10483c99310e478e5a8b840ab114d11ed2ebd3_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:091d2d34fbd525a7e9b2c4b1b8eef5283039dfcaac597bece9f4ad0236d1cbf9_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:1bf0e4367621ed8fef30b5fbd6fbffa59731ecb20cbb8c9772015f8958198a16_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a577adb2dbaddcf1ebdcec2a7c4d0a6b3a948fcf55d9890749f1605e8142b8d8_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:1fe43138f2ee8603e1f7aa2f9ade87a09099312836b79b606f09c6ded655c2a2_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:c3ad009df338a94aed8ca3d4d069bee447ce8b64291bc702fcfa408429108a80_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:d08147821133be235c9048e9b815576d38560f8e9745d64cf6ba1123dc3e3f89_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:01217396dfa1ffa44e9cf6b384093a7b6946135fd8fa122083ac6062a3790a2d_ppc64le",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6987db3152cec7edcf50dbe86d50a5dcdb4923b0879212711b062718a1e4b162_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:ef04c7de41b9b0f5b53d7a8ac39121c509070a6023d75c1cf8f32301ab356567_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:134c31698768c99170eb6d27d6283b5f18459dec70fda9137ec0aac2ac60c324_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:be8e49378081f05fafba369f406d1cd211ca49e8fac21ce25176ab543094ae13_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ea043fb015e82632de477f17a94e0b9dd31b34312c0214fd2b8128e0d71ba716_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:54de6ce2c4b3a652b5af186490c65a07c4434d253548596f355b3cd3d4f1bd9b_s390x",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:f9d32726831f630601ad041898282bb5eaa50e81d6f8aeae6cf4a6fe272c37a6_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:fdd3cdce6f5d0308b19f84dbe31b746c3400c67b675a173e8062dfa593290e51_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:7e1b73c1d0ba5325bc430c8d01efa1e563f09bb34c1a88a4cf77a9001c7e955a_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:c12a41f6dfda6df2d532cc9c02e537c4fdcf52c7ec3ebb597bba38f1fe9eb040_ppc64le",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:cb4010ab30ac7e6d063fc7b746f1af3b811218e102013554f2f1969f6a237b20_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:01e231b75154957ecf5fa3f0d201f648d8558c6cfd7294a49865ff857316ee89_s390x",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:07939c868b6db934987241cdd6bef796bcc3fe3f0baf2ab940d1f6bf190141a5_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:193abc8712f684e9ed2d4b13b338ff20e3b29c07d433a7a73b0a7b152fff335d_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:37984d3f5b7450fc01b101e1635430147b20ecf03b1e79abe6f6b350fa7be1c1_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:5ca1c51f319331e9040acdc25bacab449c812165d11da5deb40f72a7ccf9824d_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:9df8324b79247bd77ad74b8948ff134db72559e88c53fab3a1259b7113a677d9_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:5997b680718b3b4cd7f19b0c59774ce5f7827926c7f679a55cfd608c26cff7dc_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:8d0dbdfa02c2f09576916271aeb0cfeeffc6554c02ee95035bf827de75809017_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:a2bdfc8f71be04e61c6175ca533a4d759a69a297398319ddc751b5ffd9a4e3ef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tar-fs: link following and path traversal via maliciously crafted tar file"
},
{
"acknowledgments": [
{
"names": [
"jub0bs"
]
}
],
"cve": "CVE-2025-22868",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"discovery_date": "2025-02-26T04:00:44.350024+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:4e822fa90a85d0321e809dc028f6a72b1e47a3bb7173143d79206b9b8af55b7e_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:1213f967cbe599166dcaa07280cf27c48cbb5c3e2828df278090fb1aa4636c8c_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:13e0884bb5ae5129350025beea1cbd2a6fdd9087718f6e085738a048629519b9_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:c2322954825785303dc48f29c5176bc173f58ab3215b0c710000bdcee08458be_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d956ac914d55184d56a5f5dee491254f5267c0fbc984a1171429e3a234872a84_amd64",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e0ddb90fb05f486b80fe1c0e7222bc6dd90071f762ab8fd8cfc45a39faa020b0_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e10c4f241fb1dfa9437e453b65ed57ca79550e487f16bc6742d6c1359824dcc0_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:0b605af925e0664d9f6a89c2460cbe56b6af3979bc394e97518a1ce64756dccb_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:3ece40e4a3862dc29d9bb41f407117fc52db2ca8208a1dabe82eea28e7a9ba29_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:effcd9952d7714b29c9496cf632d8e8ad1f5e1fffe4a46e59d57da42490da840_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:63c5caa6688b3aae3aee9c58e497b1afc7b9b0638eb83a3627eed3004fca11c3_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f3066189610abf7be0b9d2e827a108d6cdfcdd1a26dea8bb426af669b40d12ff_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f99e4373e39a70c99f4c67cd1a10483c99310e478e5a8b840ab114d11ed2ebd3_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:091d2d34fbd525a7e9b2c4b1b8eef5283039dfcaac597bece9f4ad0236d1cbf9_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:1bf0e4367621ed8fef30b5fbd6fbffa59731ecb20cbb8c9772015f8958198a16_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a577adb2dbaddcf1ebdcec2a7c4d0a6b3a948fcf55d9890749f1605e8142b8d8_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:01217396dfa1ffa44e9cf6b384093a7b6946135fd8fa122083ac6062a3790a2d_ppc64le",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6987db3152cec7edcf50dbe86d50a5dcdb4923b0879212711b062718a1e4b162_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:ef04c7de41b9b0f5b53d7a8ac39121c509070a6023d75c1cf8f32301ab356567_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:134c31698768c99170eb6d27d6283b5f18459dec70fda9137ec0aac2ac60c324_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:be8e49378081f05fafba369f406d1cd211ca49e8fac21ce25176ab543094ae13_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ea043fb015e82632de477f17a94e0b9dd31b34312c0214fd2b8128e0d71ba716_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:54de6ce2c4b3a652b5af186490c65a07c4434d253548596f355b3cd3d4f1bd9b_s390x",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:f9d32726831f630601ad041898282bb5eaa50e81d6f8aeae6cf4a6fe272c37a6_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:fdd3cdce6f5d0308b19f84dbe31b746c3400c67b675a173e8062dfa593290e51_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:7e1b73c1d0ba5325bc430c8d01efa1e563f09bb34c1a88a4cf77a9001c7e955a_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:c12a41f6dfda6df2d532cc9c02e537c4fdcf52c7ec3ebb597bba38f1fe9eb040_ppc64le",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:cb4010ab30ac7e6d063fc7b746f1af3b811218e102013554f2f1969f6a237b20_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:01e231b75154957ecf5fa3f0d201f648d8558c6cfd7294a49865ff857316ee89_s390x",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:07939c868b6db934987241cdd6bef796bcc3fe3f0baf2ab940d1f6bf190141a5_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:193abc8712f684e9ed2d4b13b338ff20e3b29c07d433a7a73b0a7b152fff335d_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:37984d3f5b7450fc01b101e1635430147b20ecf03b1e79abe6f6b350fa7be1c1_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:5ca1c51f319331e9040acdc25bacab449c812165d11da5deb40f72a7ccf9824d_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:9df8324b79247bd77ad74b8948ff134db72559e88c53fab3a1259b7113a677d9_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:5997b680718b3b4cd7f19b0c59774ce5f7827926c7f679a55cfd608c26cff7dc_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:8d0dbdfa02c2f09576916271aeb0cfeeffc6554c02ee95035bf827de75809017_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:a2bdfc8f71be04e61c6175ca533a4d759a69a297398319ddc751b5ffd9a4e3ef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348366"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the `golang.org/x/oauth2/jws` package in the token parsing component. This vulnerability is made possible because of the use of `strings.Split(token, \".\")` to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this functionality by sending numerous malformed tokens and can trigger memory exhaustion and a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:1fe43138f2ee8603e1f7aa2f9ade87a09099312836b79b606f09c6ded655c2a2_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:c3ad009df338a94aed8ca3d4d069bee447ce8b64291bc702fcfa408429108a80_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:d08147821133be235c9048e9b815576d38560f8e9745d64cf6ba1123dc3e3f89_s390x"
],
"known_not_affected": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:4e822fa90a85d0321e809dc028f6a72b1e47a3bb7173143d79206b9b8af55b7e_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:1213f967cbe599166dcaa07280cf27c48cbb5c3e2828df278090fb1aa4636c8c_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:13e0884bb5ae5129350025beea1cbd2a6fdd9087718f6e085738a048629519b9_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:c2322954825785303dc48f29c5176bc173f58ab3215b0c710000bdcee08458be_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d956ac914d55184d56a5f5dee491254f5267c0fbc984a1171429e3a234872a84_amd64",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e0ddb90fb05f486b80fe1c0e7222bc6dd90071f762ab8fd8cfc45a39faa020b0_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e10c4f241fb1dfa9437e453b65ed57ca79550e487f16bc6742d6c1359824dcc0_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:0b605af925e0664d9f6a89c2460cbe56b6af3979bc394e97518a1ce64756dccb_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:3ece40e4a3862dc29d9bb41f407117fc52db2ca8208a1dabe82eea28e7a9ba29_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:effcd9952d7714b29c9496cf632d8e8ad1f5e1fffe4a46e59d57da42490da840_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:63c5caa6688b3aae3aee9c58e497b1afc7b9b0638eb83a3627eed3004fca11c3_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f3066189610abf7be0b9d2e827a108d6cdfcdd1a26dea8bb426af669b40d12ff_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f99e4373e39a70c99f4c67cd1a10483c99310e478e5a8b840ab114d11ed2ebd3_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:091d2d34fbd525a7e9b2c4b1b8eef5283039dfcaac597bece9f4ad0236d1cbf9_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:1bf0e4367621ed8fef30b5fbd6fbffa59731ecb20cbb8c9772015f8958198a16_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a577adb2dbaddcf1ebdcec2a7c4d0a6b3a948fcf55d9890749f1605e8142b8d8_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:01217396dfa1ffa44e9cf6b384093a7b6946135fd8fa122083ac6062a3790a2d_ppc64le",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6987db3152cec7edcf50dbe86d50a5dcdb4923b0879212711b062718a1e4b162_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:ef04c7de41b9b0f5b53d7a8ac39121c509070a6023d75c1cf8f32301ab356567_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:134c31698768c99170eb6d27d6283b5f18459dec70fda9137ec0aac2ac60c324_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:be8e49378081f05fafba369f406d1cd211ca49e8fac21ce25176ab543094ae13_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ea043fb015e82632de477f17a94e0b9dd31b34312c0214fd2b8128e0d71ba716_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:54de6ce2c4b3a652b5af186490c65a07c4434d253548596f355b3cd3d4f1bd9b_s390x",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:f9d32726831f630601ad041898282bb5eaa50e81d6f8aeae6cf4a6fe272c37a6_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:fdd3cdce6f5d0308b19f84dbe31b746c3400c67b675a173e8062dfa593290e51_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:7e1b73c1d0ba5325bc430c8d01efa1e563f09bb34c1a88a4cf77a9001c7e955a_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:c12a41f6dfda6df2d532cc9c02e537c4fdcf52c7ec3ebb597bba38f1fe9eb040_ppc64le",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:cb4010ab30ac7e6d063fc7b746f1af3b811218e102013554f2f1969f6a237b20_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:01e231b75154957ecf5fa3f0d201f648d8558c6cfd7294a49865ff857316ee89_s390x",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:07939c868b6db934987241cdd6bef796bcc3fe3f0baf2ab940d1f6bf190141a5_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:193abc8712f684e9ed2d4b13b338ff20e3b29c07d433a7a73b0a7b152fff335d_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:37984d3f5b7450fc01b101e1635430147b20ecf03b1e79abe6f6b350fa7be1c1_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:5ca1c51f319331e9040acdc25bacab449c812165d11da5deb40f72a7ccf9824d_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:9df8324b79247bd77ad74b8948ff134db72559e88c53fab3a1259b7113a677d9_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:5997b680718b3b4cd7f19b0c59774ce5f7827926c7f679a55cfd608c26cff7dc_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:8d0dbdfa02c2f09576916271aeb0cfeeffc6554c02ee95035bf827de75809017_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:a2bdfc8f71be04e61c6175ca533a4d759a69a297398319ddc751b5ffd9a4e3ef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22868"
},
{
"category": "external",
"summary": "RHBZ#2348366",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348366"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22868",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22868"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22868"
},
{
"category": "external",
"summary": "https://go.dev/cl/652155",
"url": "https://go.dev/cl/652155"
},
{
"category": "external",
"summary": "https://go.dev/issue/71490",
"url": "https://go.dev/issue/71490"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3488",
"url": "https://pkg.go.dev/vuln/GO-2025-3488"
}
],
"release_date": "2025-02-26T03:07:49.012000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-16T02:48:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:1fe43138f2ee8603e1f7aa2f9ade87a09099312836b79b606f09c6ded655c2a2_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:c3ad009df338a94aed8ca3d4d069bee447ce8b64291bc702fcfa408429108a80_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:d08147821133be235c9048e9b815576d38560f8e9745d64cf6ba1123dc3e3f89_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3932"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, it is recommended to pre-validate any payloads passed to `go-jose` to check that they do not contain an excessive amount of `.` characters.",
"product_ids": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:4e822fa90a85d0321e809dc028f6a72b1e47a3bb7173143d79206b9b8af55b7e_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:1213f967cbe599166dcaa07280cf27c48cbb5c3e2828df278090fb1aa4636c8c_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:13e0884bb5ae5129350025beea1cbd2a6fdd9087718f6e085738a048629519b9_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:c2322954825785303dc48f29c5176bc173f58ab3215b0c710000bdcee08458be_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d956ac914d55184d56a5f5dee491254f5267c0fbc984a1171429e3a234872a84_amd64",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e0ddb90fb05f486b80fe1c0e7222bc6dd90071f762ab8fd8cfc45a39faa020b0_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e10c4f241fb1dfa9437e453b65ed57ca79550e487f16bc6742d6c1359824dcc0_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:0b605af925e0664d9f6a89c2460cbe56b6af3979bc394e97518a1ce64756dccb_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:3ece40e4a3862dc29d9bb41f407117fc52db2ca8208a1dabe82eea28e7a9ba29_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:effcd9952d7714b29c9496cf632d8e8ad1f5e1fffe4a46e59d57da42490da840_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:63c5caa6688b3aae3aee9c58e497b1afc7b9b0638eb83a3627eed3004fca11c3_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f3066189610abf7be0b9d2e827a108d6cdfcdd1a26dea8bb426af669b40d12ff_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f99e4373e39a70c99f4c67cd1a10483c99310e478e5a8b840ab114d11ed2ebd3_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:091d2d34fbd525a7e9b2c4b1b8eef5283039dfcaac597bece9f4ad0236d1cbf9_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:1bf0e4367621ed8fef30b5fbd6fbffa59731ecb20cbb8c9772015f8958198a16_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a577adb2dbaddcf1ebdcec2a7c4d0a6b3a948fcf55d9890749f1605e8142b8d8_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:1fe43138f2ee8603e1f7aa2f9ade87a09099312836b79b606f09c6ded655c2a2_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:c3ad009df338a94aed8ca3d4d069bee447ce8b64291bc702fcfa408429108a80_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:d08147821133be235c9048e9b815576d38560f8e9745d64cf6ba1123dc3e3f89_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:01217396dfa1ffa44e9cf6b384093a7b6946135fd8fa122083ac6062a3790a2d_ppc64le",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6987db3152cec7edcf50dbe86d50a5dcdb4923b0879212711b062718a1e4b162_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:ef04c7de41b9b0f5b53d7a8ac39121c509070a6023d75c1cf8f32301ab356567_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:134c31698768c99170eb6d27d6283b5f18459dec70fda9137ec0aac2ac60c324_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:be8e49378081f05fafba369f406d1cd211ca49e8fac21ce25176ab543094ae13_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ea043fb015e82632de477f17a94e0b9dd31b34312c0214fd2b8128e0d71ba716_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:54de6ce2c4b3a652b5af186490c65a07c4434d253548596f355b3cd3d4f1bd9b_s390x",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:f9d32726831f630601ad041898282bb5eaa50e81d6f8aeae6cf4a6fe272c37a6_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:fdd3cdce6f5d0308b19f84dbe31b746c3400c67b675a173e8062dfa593290e51_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:7e1b73c1d0ba5325bc430c8d01efa1e563f09bb34c1a88a4cf77a9001c7e955a_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:c12a41f6dfda6df2d532cc9c02e537c4fdcf52c7ec3ebb597bba38f1fe9eb040_ppc64le",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:cb4010ab30ac7e6d063fc7b746f1af3b811218e102013554f2f1969f6a237b20_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:01e231b75154957ecf5fa3f0d201f648d8558c6cfd7294a49865ff857316ee89_s390x",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:07939c868b6db934987241cdd6bef796bcc3fe3f0baf2ab940d1f6bf190141a5_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:193abc8712f684e9ed2d4b13b338ff20e3b29c07d433a7a73b0a7b152fff335d_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:37984d3f5b7450fc01b101e1635430147b20ecf03b1e79abe6f6b350fa7be1c1_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:5ca1c51f319331e9040acdc25bacab449c812165d11da5deb40f72a7ccf9824d_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:9df8324b79247bd77ad74b8948ff134db72559e88c53fab3a1259b7113a677d9_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:5997b680718b3b4cd7f19b0c59774ce5f7827926c7f679a55cfd608c26cff7dc_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:8d0dbdfa02c2f09576916271aeb0cfeeffc6554c02ee95035bf827de75809017_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:a2bdfc8f71be04e61c6175ca533a4d759a69a297398319ddc751b5ffd9a4e3ef_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:4e822fa90a85d0321e809dc028f6a72b1e47a3bb7173143d79206b9b8af55b7e_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:1213f967cbe599166dcaa07280cf27c48cbb5c3e2828df278090fb1aa4636c8c_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:13e0884bb5ae5129350025beea1cbd2a6fdd9087718f6e085738a048629519b9_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:c2322954825785303dc48f29c5176bc173f58ab3215b0c710000bdcee08458be_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d956ac914d55184d56a5f5dee491254f5267c0fbc984a1171429e3a234872a84_amd64",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e0ddb90fb05f486b80fe1c0e7222bc6dd90071f762ab8fd8cfc45a39faa020b0_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e10c4f241fb1dfa9437e453b65ed57ca79550e487f16bc6742d6c1359824dcc0_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:0b605af925e0664d9f6a89c2460cbe56b6af3979bc394e97518a1ce64756dccb_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:3ece40e4a3862dc29d9bb41f407117fc52db2ca8208a1dabe82eea28e7a9ba29_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:effcd9952d7714b29c9496cf632d8e8ad1f5e1fffe4a46e59d57da42490da840_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:63c5caa6688b3aae3aee9c58e497b1afc7b9b0638eb83a3627eed3004fca11c3_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f3066189610abf7be0b9d2e827a108d6cdfcdd1a26dea8bb426af669b40d12ff_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f99e4373e39a70c99f4c67cd1a10483c99310e478e5a8b840ab114d11ed2ebd3_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:091d2d34fbd525a7e9b2c4b1b8eef5283039dfcaac597bece9f4ad0236d1cbf9_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:1bf0e4367621ed8fef30b5fbd6fbffa59731ecb20cbb8c9772015f8958198a16_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a577adb2dbaddcf1ebdcec2a7c4d0a6b3a948fcf55d9890749f1605e8142b8d8_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:1fe43138f2ee8603e1f7aa2f9ade87a09099312836b79b606f09c6ded655c2a2_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:c3ad009df338a94aed8ca3d4d069bee447ce8b64291bc702fcfa408429108a80_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:d08147821133be235c9048e9b815576d38560f8e9745d64cf6ba1123dc3e3f89_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:01217396dfa1ffa44e9cf6b384093a7b6946135fd8fa122083ac6062a3790a2d_ppc64le",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6987db3152cec7edcf50dbe86d50a5dcdb4923b0879212711b062718a1e4b162_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:ef04c7de41b9b0f5b53d7a8ac39121c509070a6023d75c1cf8f32301ab356567_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:134c31698768c99170eb6d27d6283b5f18459dec70fda9137ec0aac2ac60c324_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:be8e49378081f05fafba369f406d1cd211ca49e8fac21ce25176ab543094ae13_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ea043fb015e82632de477f17a94e0b9dd31b34312c0214fd2b8128e0d71ba716_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:54de6ce2c4b3a652b5af186490c65a07c4434d253548596f355b3cd3d4f1bd9b_s390x",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:f9d32726831f630601ad041898282bb5eaa50e81d6f8aeae6cf4a6fe272c37a6_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:fdd3cdce6f5d0308b19f84dbe31b746c3400c67b675a173e8062dfa593290e51_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:7e1b73c1d0ba5325bc430c8d01efa1e563f09bb34c1a88a4cf77a9001c7e955a_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:c12a41f6dfda6df2d532cc9c02e537c4fdcf52c7ec3ebb597bba38f1fe9eb040_ppc64le",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:cb4010ab30ac7e6d063fc7b746f1af3b811218e102013554f2f1969f6a237b20_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:01e231b75154957ecf5fa3f0d201f648d8558c6cfd7294a49865ff857316ee89_s390x",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:07939c868b6db934987241cdd6bef796bcc3fe3f0baf2ab940d1f6bf190141a5_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:193abc8712f684e9ed2d4b13b338ff20e3b29c07d433a7a73b0a7b152fff335d_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:37984d3f5b7450fc01b101e1635430147b20ecf03b1e79abe6f6b350fa7be1c1_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:5ca1c51f319331e9040acdc25bacab449c812165d11da5deb40f72a7ccf9824d_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:9df8324b79247bd77ad74b8948ff134db72559e88c53fab3a1259b7113a677d9_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:5997b680718b3b4cd7f19b0c59774ce5f7827926c7f679a55cfd608c26cff7dc_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:8d0dbdfa02c2f09576916271aeb0cfeeffc6554c02ee95035bf827de75809017_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:a2bdfc8f71be04e61c6175ca533a4d759a69a297398319ddc751b5ffd9a4e3ef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws"
},
{
"cve": "CVE-2025-22869",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-02-26T04:00:47.683125+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:4e822fa90a85d0321e809dc028f6a72b1e47a3bb7173143d79206b9b8af55b7e_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:1213f967cbe599166dcaa07280cf27c48cbb5c3e2828df278090fb1aa4636c8c_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:13e0884bb5ae5129350025beea1cbd2a6fdd9087718f6e085738a048629519b9_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:c2322954825785303dc48f29c5176bc173f58ab3215b0c710000bdcee08458be_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d956ac914d55184d56a5f5dee491254f5267c0fbc984a1171429e3a234872a84_amd64",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e0ddb90fb05f486b80fe1c0e7222bc6dd90071f762ab8fd8cfc45a39faa020b0_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e10c4f241fb1dfa9437e453b65ed57ca79550e487f16bc6742d6c1359824dcc0_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:0b605af925e0664d9f6a89c2460cbe56b6af3979bc394e97518a1ce64756dccb_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:3ece40e4a3862dc29d9bb41f407117fc52db2ca8208a1dabe82eea28e7a9ba29_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:effcd9952d7714b29c9496cf632d8e8ad1f5e1fffe4a46e59d57da42490da840_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:63c5caa6688b3aae3aee9c58e497b1afc7b9b0638eb83a3627eed3004fca11c3_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f3066189610abf7be0b9d2e827a108d6cdfcdd1a26dea8bb426af669b40d12ff_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f99e4373e39a70c99f4c67cd1a10483c99310e478e5a8b840ab114d11ed2ebd3_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:091d2d34fbd525a7e9b2c4b1b8eef5283039dfcaac597bece9f4ad0236d1cbf9_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:1bf0e4367621ed8fef30b5fbd6fbffa59731ecb20cbb8c9772015f8958198a16_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a577adb2dbaddcf1ebdcec2a7c4d0a6b3a948fcf55d9890749f1605e8142b8d8_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:01217396dfa1ffa44e9cf6b384093a7b6946135fd8fa122083ac6062a3790a2d_ppc64le",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6987db3152cec7edcf50dbe86d50a5dcdb4923b0879212711b062718a1e4b162_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:ef04c7de41b9b0f5b53d7a8ac39121c509070a6023d75c1cf8f32301ab356567_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:134c31698768c99170eb6d27d6283b5f18459dec70fda9137ec0aac2ac60c324_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:be8e49378081f05fafba369f406d1cd211ca49e8fac21ce25176ab543094ae13_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ea043fb015e82632de477f17a94e0b9dd31b34312c0214fd2b8128e0d71ba716_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:54de6ce2c4b3a652b5af186490c65a07c4434d253548596f355b3cd3d4f1bd9b_s390x",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:f9d32726831f630601ad041898282bb5eaa50e81d6f8aeae6cf4a6fe272c37a6_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:fdd3cdce6f5d0308b19f84dbe31b746c3400c67b675a173e8062dfa593290e51_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:7e1b73c1d0ba5325bc430c8d01efa1e563f09bb34c1a88a4cf77a9001c7e955a_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:c12a41f6dfda6df2d532cc9c02e537c4fdcf52c7ec3ebb597bba38f1fe9eb040_ppc64le",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:cb4010ab30ac7e6d063fc7b746f1af3b811218e102013554f2f1969f6a237b20_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:01e231b75154957ecf5fa3f0d201f648d8558c6cfd7294a49865ff857316ee89_s390x",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:07939c868b6db934987241cdd6bef796bcc3fe3f0baf2ab940d1f6bf190141a5_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:193abc8712f684e9ed2d4b13b338ff20e3b29c07d433a7a73b0a7b152fff335d_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:37984d3f5b7450fc01b101e1635430147b20ecf03b1e79abe6f6b350fa7be1c1_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:5ca1c51f319331e9040acdc25bacab449c812165d11da5deb40f72a7ccf9824d_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:9df8324b79247bd77ad74b8948ff134db72559e88c53fab3a1259b7113a677d9_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:5997b680718b3b4cd7f19b0c59774ce5f7827926c7f679a55cfd608c26cff7dc_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:8d0dbdfa02c2f09576916271aeb0cfeeffc6554c02ee95035bf827de75809017_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:a2bdfc8f71be04e61c6175ca533a4d759a69a297398319ddc751b5ffd9a4e3ef_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348367"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While this flaw affects both SSH clients and servers implemented with golang.org/x/crypto/ssh, realistically the flaw will only lead to a DoS when transferring large files, greatly reducing the likelihood of exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:1fe43138f2ee8603e1f7aa2f9ade87a09099312836b79b606f09c6ded655c2a2_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:c3ad009df338a94aed8ca3d4d069bee447ce8b64291bc702fcfa408429108a80_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:d08147821133be235c9048e9b815576d38560f8e9745d64cf6ba1123dc3e3f89_s390x"
],
"known_not_affected": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:4e822fa90a85d0321e809dc028f6a72b1e47a3bb7173143d79206b9b8af55b7e_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:1213f967cbe599166dcaa07280cf27c48cbb5c3e2828df278090fb1aa4636c8c_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:13e0884bb5ae5129350025beea1cbd2a6fdd9087718f6e085738a048629519b9_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:c2322954825785303dc48f29c5176bc173f58ab3215b0c710000bdcee08458be_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d956ac914d55184d56a5f5dee491254f5267c0fbc984a1171429e3a234872a84_amd64",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e0ddb90fb05f486b80fe1c0e7222bc6dd90071f762ab8fd8cfc45a39faa020b0_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e10c4f241fb1dfa9437e453b65ed57ca79550e487f16bc6742d6c1359824dcc0_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:0b605af925e0664d9f6a89c2460cbe56b6af3979bc394e97518a1ce64756dccb_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:3ece40e4a3862dc29d9bb41f407117fc52db2ca8208a1dabe82eea28e7a9ba29_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:effcd9952d7714b29c9496cf632d8e8ad1f5e1fffe4a46e59d57da42490da840_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:63c5caa6688b3aae3aee9c58e497b1afc7b9b0638eb83a3627eed3004fca11c3_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f3066189610abf7be0b9d2e827a108d6cdfcdd1a26dea8bb426af669b40d12ff_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f99e4373e39a70c99f4c67cd1a10483c99310e478e5a8b840ab114d11ed2ebd3_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:091d2d34fbd525a7e9b2c4b1b8eef5283039dfcaac597bece9f4ad0236d1cbf9_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:1bf0e4367621ed8fef30b5fbd6fbffa59731ecb20cbb8c9772015f8958198a16_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a577adb2dbaddcf1ebdcec2a7c4d0a6b3a948fcf55d9890749f1605e8142b8d8_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:01217396dfa1ffa44e9cf6b384093a7b6946135fd8fa122083ac6062a3790a2d_ppc64le",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6987db3152cec7edcf50dbe86d50a5dcdb4923b0879212711b062718a1e4b162_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:ef04c7de41b9b0f5b53d7a8ac39121c509070a6023d75c1cf8f32301ab356567_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:134c31698768c99170eb6d27d6283b5f18459dec70fda9137ec0aac2ac60c324_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:be8e49378081f05fafba369f406d1cd211ca49e8fac21ce25176ab543094ae13_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ea043fb015e82632de477f17a94e0b9dd31b34312c0214fd2b8128e0d71ba716_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:54de6ce2c4b3a652b5af186490c65a07c4434d253548596f355b3cd3d4f1bd9b_s390x",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:f9d32726831f630601ad041898282bb5eaa50e81d6f8aeae6cf4a6fe272c37a6_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:fdd3cdce6f5d0308b19f84dbe31b746c3400c67b675a173e8062dfa593290e51_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:7e1b73c1d0ba5325bc430c8d01efa1e563f09bb34c1a88a4cf77a9001c7e955a_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:c12a41f6dfda6df2d532cc9c02e537c4fdcf52c7ec3ebb597bba38f1fe9eb040_ppc64le",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:cb4010ab30ac7e6d063fc7b746f1af3b811218e102013554f2f1969f6a237b20_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:01e231b75154957ecf5fa3f0d201f648d8558c6cfd7294a49865ff857316ee89_s390x",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:07939c868b6db934987241cdd6bef796bcc3fe3f0baf2ab940d1f6bf190141a5_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:193abc8712f684e9ed2d4b13b338ff20e3b29c07d433a7a73b0a7b152fff335d_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:37984d3f5b7450fc01b101e1635430147b20ecf03b1e79abe6f6b350fa7be1c1_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:5ca1c51f319331e9040acdc25bacab449c812165d11da5deb40f72a7ccf9824d_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:9df8324b79247bd77ad74b8948ff134db72559e88c53fab3a1259b7113a677d9_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:5997b680718b3b4cd7f19b0c59774ce5f7827926c7f679a55cfd608c26cff7dc_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:8d0dbdfa02c2f09576916271aeb0cfeeffc6554c02ee95035bf827de75809017_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:a2bdfc8f71be04e61c6175ca533a4d759a69a297398319ddc751b5ffd9a4e3ef_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "RHBZ#2348367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348367"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869"
},
{
"category": "external",
"summary": "https://go.dev/cl/652135",
"url": "https://go.dev/cl/652135"
},
{
"category": "external",
"summary": "https://go.dev/issue/71931",
"url": "https://go.dev/issue/71931"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3487",
"url": "https://pkg.go.dev/vuln/GO-2025-3487"
}
],
"release_date": "2025-02-26T03:07:48.855000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-16T02:48:23+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:1fe43138f2ee8603e1f7aa2f9ade87a09099312836b79b606f09c6ded655c2a2_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:c3ad009df338a94aed8ca3d4d069bee447ce8b64291bc702fcfa408429108a80_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:d08147821133be235c9048e9b815576d38560f8e9745d64cf6ba1123dc3e3f89_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3932"
},
{
"category": "workaround",
"details": "This flaw can be mitigated when using the client only connecting to trusted servers.",
"product_ids": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:4e822fa90a85d0321e809dc028f6a72b1e47a3bb7173143d79206b9b8af55b7e_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:1213f967cbe599166dcaa07280cf27c48cbb5c3e2828df278090fb1aa4636c8c_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:13e0884bb5ae5129350025beea1cbd2a6fdd9087718f6e085738a048629519b9_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:c2322954825785303dc48f29c5176bc173f58ab3215b0c710000bdcee08458be_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d956ac914d55184d56a5f5dee491254f5267c0fbc984a1171429e3a234872a84_amd64",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e0ddb90fb05f486b80fe1c0e7222bc6dd90071f762ab8fd8cfc45a39faa020b0_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e10c4f241fb1dfa9437e453b65ed57ca79550e487f16bc6742d6c1359824dcc0_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:0b605af925e0664d9f6a89c2460cbe56b6af3979bc394e97518a1ce64756dccb_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:3ece40e4a3862dc29d9bb41f407117fc52db2ca8208a1dabe82eea28e7a9ba29_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:effcd9952d7714b29c9496cf632d8e8ad1f5e1fffe4a46e59d57da42490da840_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:63c5caa6688b3aae3aee9c58e497b1afc7b9b0638eb83a3627eed3004fca11c3_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f3066189610abf7be0b9d2e827a108d6cdfcdd1a26dea8bb426af669b40d12ff_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f99e4373e39a70c99f4c67cd1a10483c99310e478e5a8b840ab114d11ed2ebd3_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:091d2d34fbd525a7e9b2c4b1b8eef5283039dfcaac597bece9f4ad0236d1cbf9_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:1bf0e4367621ed8fef30b5fbd6fbffa59731ecb20cbb8c9772015f8958198a16_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a577adb2dbaddcf1ebdcec2a7c4d0a6b3a948fcf55d9890749f1605e8142b8d8_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:1fe43138f2ee8603e1f7aa2f9ade87a09099312836b79b606f09c6ded655c2a2_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:c3ad009df338a94aed8ca3d4d069bee447ce8b64291bc702fcfa408429108a80_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:d08147821133be235c9048e9b815576d38560f8e9745d64cf6ba1123dc3e3f89_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:01217396dfa1ffa44e9cf6b384093a7b6946135fd8fa122083ac6062a3790a2d_ppc64le",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6987db3152cec7edcf50dbe86d50a5dcdb4923b0879212711b062718a1e4b162_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:ef04c7de41b9b0f5b53d7a8ac39121c509070a6023d75c1cf8f32301ab356567_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:134c31698768c99170eb6d27d6283b5f18459dec70fda9137ec0aac2ac60c324_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:be8e49378081f05fafba369f406d1cd211ca49e8fac21ce25176ab543094ae13_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ea043fb015e82632de477f17a94e0b9dd31b34312c0214fd2b8128e0d71ba716_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:54de6ce2c4b3a652b5af186490c65a07c4434d253548596f355b3cd3d4f1bd9b_s390x",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:f9d32726831f630601ad041898282bb5eaa50e81d6f8aeae6cf4a6fe272c37a6_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:fdd3cdce6f5d0308b19f84dbe31b746c3400c67b675a173e8062dfa593290e51_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:7e1b73c1d0ba5325bc430c8d01efa1e563f09bb34c1a88a4cf77a9001c7e955a_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:c12a41f6dfda6df2d532cc9c02e537c4fdcf52c7ec3ebb597bba38f1fe9eb040_ppc64le",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:cb4010ab30ac7e6d063fc7b746f1af3b811218e102013554f2f1969f6a237b20_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:01e231b75154957ecf5fa3f0d201f648d8558c6cfd7294a49865ff857316ee89_s390x",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:07939c868b6db934987241cdd6bef796bcc3fe3f0baf2ab940d1f6bf190141a5_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:193abc8712f684e9ed2d4b13b338ff20e3b29c07d433a7a73b0a7b152fff335d_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:37984d3f5b7450fc01b101e1635430147b20ecf03b1e79abe6f6b350fa7be1c1_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:5ca1c51f319331e9040acdc25bacab449c812165d11da5deb40f72a7ccf9824d_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:9df8324b79247bd77ad74b8948ff134db72559e88c53fab3a1259b7113a677d9_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:5997b680718b3b4cd7f19b0c59774ce5f7827926c7f679a55cfd608c26cff7dc_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:8d0dbdfa02c2f09576916271aeb0cfeeffc6554c02ee95035bf827de75809017_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:a2bdfc8f71be04e61c6175ca533a4d759a69a297398319ddc751b5ffd9a4e3ef_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:4e822fa90a85d0321e809dc028f6a72b1e47a3bb7173143d79206b9b8af55b7e_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:1213f967cbe599166dcaa07280cf27c48cbb5c3e2828df278090fb1aa4636c8c_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:13e0884bb5ae5129350025beea1cbd2a6fdd9087718f6e085738a048629519b9_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:c2322954825785303dc48f29c5176bc173f58ab3215b0c710000bdcee08458be_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d956ac914d55184d56a5f5dee491254f5267c0fbc984a1171429e3a234872a84_amd64",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e0ddb90fb05f486b80fe1c0e7222bc6dd90071f762ab8fd8cfc45a39faa020b0_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e10c4f241fb1dfa9437e453b65ed57ca79550e487f16bc6742d6c1359824dcc0_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:0b605af925e0664d9f6a89c2460cbe56b6af3979bc394e97518a1ce64756dccb_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:3ece40e4a3862dc29d9bb41f407117fc52db2ca8208a1dabe82eea28e7a9ba29_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:effcd9952d7714b29c9496cf632d8e8ad1f5e1fffe4a46e59d57da42490da840_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:63c5caa6688b3aae3aee9c58e497b1afc7b9b0638eb83a3627eed3004fca11c3_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f3066189610abf7be0b9d2e827a108d6cdfcdd1a26dea8bb426af669b40d12ff_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f99e4373e39a70c99f4c67cd1a10483c99310e478e5a8b840ab114d11ed2ebd3_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:091d2d34fbd525a7e9b2c4b1b8eef5283039dfcaac597bece9f4ad0236d1cbf9_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:1bf0e4367621ed8fef30b5fbd6fbffa59731ecb20cbb8c9772015f8958198a16_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:a577adb2dbaddcf1ebdcec2a7c4d0a6b3a948fcf55d9890749f1605e8142b8d8_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:1fe43138f2ee8603e1f7aa2f9ade87a09099312836b79b606f09c6ded655c2a2_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:c3ad009df338a94aed8ca3d4d069bee447ce8b64291bc702fcfa408429108a80_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:d08147821133be235c9048e9b815576d38560f8e9745d64cf6ba1123dc3e3f89_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:01217396dfa1ffa44e9cf6b384093a7b6946135fd8fa122083ac6062a3790a2d_ppc64le",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:6987db3152cec7edcf50dbe86d50a5dcdb4923b0879212711b062718a1e4b162_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:ef04c7de41b9b0f5b53d7a8ac39121c509070a6023d75c1cf8f32301ab356567_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:134c31698768c99170eb6d27d6283b5f18459dec70fda9137ec0aac2ac60c324_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:be8e49378081f05fafba369f406d1cd211ca49e8fac21ce25176ab543094ae13_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ea043fb015e82632de477f17a94e0b9dd31b34312c0214fd2b8128e0d71ba716_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:54de6ce2c4b3a652b5af186490c65a07c4434d253548596f355b3cd3d4f1bd9b_s390x",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:f9d32726831f630601ad041898282bb5eaa50e81d6f8aeae6cf4a6fe272c37a6_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:fdd3cdce6f5d0308b19f84dbe31b746c3400c67b675a173e8062dfa593290e51_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:7e1b73c1d0ba5325bc430c8d01efa1e563f09bb34c1a88a4cf77a9001c7e955a_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:c12a41f6dfda6df2d532cc9c02e537c4fdcf52c7ec3ebb597bba38f1fe9eb040_ppc64le",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:cb4010ab30ac7e6d063fc7b746f1af3b811218e102013554f2f1969f6a237b20_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:01e231b75154957ecf5fa3f0d201f648d8558c6cfd7294a49865ff857316ee89_s390x",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:07939c868b6db934987241cdd6bef796bcc3fe3f0baf2ab940d1f6bf190141a5_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:193abc8712f684e9ed2d4b13b338ff20e3b29c07d433a7a73b0a7b152fff335d_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:37984d3f5b7450fc01b101e1635430147b20ecf03b1e79abe6f6b350fa7be1c1_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:5ca1c51f319331e9040acdc25bacab449c812165d11da5deb40f72a7ccf9824d_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:9df8324b79247bd77ad74b8948ff134db72559e88c53fab3a1259b7113a677d9_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:5997b680718b3b4cd7f19b0c59774ce5f7827926c7f679a55cfd608c26cff7dc_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:8d0dbdfa02c2f09576916271aeb0cfeeffc6554c02ee95035bf827de75809017_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:a2bdfc8f71be04e61c6175ca533a4d759a69a297398319ddc751b5ffd9a4e3ef_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
}
]
}
rhsa-2025:8244
Vulnerability from csaf_redhat
Published
2025-05-28 02:39
Modified
2025-08-15 03:16
Summary
Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.21.0 release
Notes
Topic
Red Hat OpenShift Dev Spaces 3.21 has been released.
All containers have been updated to include feature enhancements, bug fixes and CVE fixes.
Details
Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.
The 3.21 release is based on Eclipse Che 7.102 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.
Users still using the v1 standard should migrate as soon as possible.
https://devfile.io/docs/2.2.0/migrating-to-devfile-v2
Dev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates.
https://access.redhat.com/support/policy/updates/openshift#devspaces
Security Fix(es):
devspaces-code
- tar-fs: link following and path traversal via maliciously crafted tar file (CVE-2024-12905)
devspaces-traefik
- traefik: HTTP client can manipulate custom HTTP headers that are added by Traefik (CVE-2024-45410)
- golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto (CVE-2024-45337)
- golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (CVE-2025-22869)
- golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing (CVE-2025-30204)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat OpenShift Dev Spaces 3.21 has been released.\n\nAll containers have been updated to include feature enhancements, bug fixes and CVE fixes.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift Dev Spaces provides a cloud developer workspace server and a browser-based IDE built for teams and organizations. Dev Spaces runs in OpenShift and is well-suited for container-based development.\n\nThe 3.21 release is based on Eclipse Che 7.102 and uses the DevWorkspace engine to provide support for workspaces based on devfile v2.1 and v2.2.\n\nUsers still using the v1 standard should migrate as soon as possible.\n\nhttps://devfile.io/docs/2.2.0/migrating-to-devfile-v2\n\nDev Spaces releases support the latest two OpenShift 4 EUS releases. Users are expected to update to newer OpenShift releases in order to continue to get Dev Spaces updates. \n\nhttps://access.redhat.com/support/policy/updates/openshift#devspaces\n\nSecurity Fix(es):\n\ndevspaces-code\n- tar-fs: link following and path traversal via maliciously crafted tar file (CVE-2024-12905)\n\ndevspaces-traefik\n- traefik: HTTP client can manipulate custom HTTP headers that are added by Traefik (CVE-2024-45410)\n- golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto (CVE-2024-45337)\n- golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (CVE-2025-22869)\n- golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing (CVE-2025-30204)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:8244",
"url": "https://access.redhat.com/errata/RHSA-2025:8244"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2313584",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313584"
},
{
"category": "external",
"summary": "2331720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720"
},
{
"category": "external",
"summary": "2348367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348367"
},
{
"category": "external",
"summary": "2354195",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2354195"
},
{
"category": "external",
"summary": "2355460",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355460"
},
{
"category": "external",
"summary": "CRW-8607",
"url": "https://issues.redhat.com/browse/CRW-8607"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_8244.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift Dev Spaces 3.21.0 release",
"tracking": {
"current_release_date": "2025-08-15T03:16:11+00:00",
"generator": {
"date": "2025-08-15T03:16:11+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2025:8244",
"initial_release_date": "2025-05-28T02:39:39+00:00",
"revision_history": [
{
"date": "2025-05-28T02:39:39+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-05-28T02:39:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-15T03:16:11+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift Dev Spaces 3",
"product": {
"name": "Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift_devspaces:3::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Dev Spaces"
},
{
"branches": [
{
"category": "product_version",
"name": "devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"product": {
"name": "devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"product_id": "devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/code-rhel9\u0026tag=3.21-5"
}
}
},
{
"category": "product_version",
"name": "devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"product": {
"name": "devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"product_id": "devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"product": {
"name": "devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"product_id": "devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel9\u0026tag=3.21-12"
}
}
},
{
"category": "product_version",
"name": "devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"product": {
"name": "devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"product_id": "devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"product": {
"name": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"product_id": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f?arch=s390x\u0026repository_url=registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"product": {
"name": "devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"product_id": "devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel9\u0026tag=3.21-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"product": {
"name": "devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"product_id": "devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.21-25"
}
}
},
{
"category": "product_version",
"name": "devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"product": {
"name": "devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"product_id": "devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel9\u0026tag=3.21-7"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"product": {
"name": "devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"product_id": "devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel9-operator\u0026tag=3.21-6"
}
}
},
{
"category": "product_version",
"name": "devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"product": {
"name": "devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"product_id": "devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/server-rhel9\u0026tag=3.21-11"
}
}
},
{
"category": "product_version",
"name": "devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"product": {
"name": "devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"product_id": "devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel9\u0026tag=3.21-1"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"product": {
"name": "devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"product_id": "devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"product": {
"name": "devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"product_id": "devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22?arch=s390x\u0026repository_url=registry.redhat.io/devspaces/udi-rhel9\u0026tag=3.21-6"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"product": {
"name": "devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"product_id": "devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/code-rhel9\u0026tag=3.21-5"
}
}
},
{
"category": "product_version",
"name": "devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"product": {
"name": "devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"product_id": "devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"product": {
"name": "devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"product_id": "devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel9\u0026tag=3.21-12"
}
}
},
{
"category": "product_version",
"name": "devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"product": {
"name": "devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"product_id": "devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"product": {
"name": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"product_id": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"product": {
"name": "devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"product_id": "devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel9\u0026tag=3.21-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"product": {
"name": "devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"product_id": "devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.21-25"
}
}
},
{
"category": "product_version",
"name": "devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"product": {
"name": "devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"product_id": "devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel9\u0026tag=3.21-7"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"product": {
"name": "devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"product_id": "devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel9-operator\u0026tag=3.21-6"
}
}
},
{
"category": "product_version",
"name": "devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"product": {
"name": "devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"product_id": "devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/server-rhel9\u0026tag=3.21-11"
}
}
},
{
"category": "product_version",
"name": "devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"product": {
"name": "devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"product_id": "devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel9\u0026tag=3.21-1"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"product": {
"name": "devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"product_id": "devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le",
"product": {
"name": "devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le",
"product_id": "devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700?arch=ppc64le\u0026repository_url=registry.redhat.io/devspaces/udi-rhel9\u0026tag=3.21-6"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"product": {
"name": "devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"product_id": "devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"product_identification_helper": {
"purl": "pkg:oci/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/code-rhel9\u0026tag=3.21-5"
}
}
},
{
"category": "product_version",
"name": "devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"product": {
"name": "devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"product_id": "devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"product_identification_helper": {
"purl": "pkg:oci/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/configbump-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"product": {
"name": "devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"product_id": "devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/dashboard-rhel9\u0026tag=3.21-12"
}
}
},
{
"category": "product_version",
"name": "devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"product": {
"name": "devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"product_id": "devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8?arch=amd64\u0026repository_url=registry.redhat.io/devspaces-tech-preview/idea-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"product": {
"name": "devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"product_id": "devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"product_identification_helper": {
"purl": "pkg:oci/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/imagepuller-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"product": {
"name": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"product_id": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"product_identification_helper": {
"purl": "pkg:oci/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27?arch=amd64\u0026repository_url=registry.redhat.io/devspaces-tech-preview/jetbrains-ide-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"product": {
"name": "devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"product_id": "devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"product_identification_helper": {
"purl": "pkg:oci/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/machineexec-rhel9\u0026tag=3.21-4"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"product": {
"name": "devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"product_id": "devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-operator-bundle\u0026tag=3.21-25"
}
}
},
{
"category": "product_version",
"name": "devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"product": {
"name": "devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"product_id": "devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"product_identification_helper": {
"purl": "pkg:oci/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/pluginregistry-rhel9\u0026tag=3.21-7"
}
}
},
{
"category": "product_version",
"name": "devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"product": {
"name": "devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"product_id": "devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"product_identification_helper": {
"purl": "pkg:oci/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/devspaces-rhel9-operator\u0026tag=3.21-6"
}
}
},
{
"category": "product_version",
"name": "devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"product": {
"name": "devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"product_id": "devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"product_identification_helper": {
"purl": "pkg:oci/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/server-rhel9\u0026tag=3.21-11"
}
}
},
{
"category": "product_version",
"name": "devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"product": {
"name": "devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"product_id": "devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/traefik-rhel9\u0026tag=3.21-1"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"product": {
"name": "devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"product_id": "devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/udi-base-rhel9\u0026tag=latest"
}
}
},
{
"category": "product_version",
"name": "devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"product": {
"name": "devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"product_id": "devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"product_identification_helper": {
"purl": "pkg:oci/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315?arch=amd64\u0026repository_url=registry.redhat.io/devspaces/udi-rhel9\u0026tag=3.21-6"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64"
},
"product_reference": "devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64"
},
"product_reference": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x"
},
"product_reference": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le"
},
"product_reference": "devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x"
},
"product_reference": "devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le"
},
"product_reference": "devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64"
},
"product_reference": "devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64"
},
"product_reference": "devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le"
},
"product_reference": "devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x"
},
"product_reference": "devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le"
},
"product_reference": "devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64"
},
"product_reference": "devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x"
},
"product_reference": "devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64"
},
"product_reference": "devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le"
},
"product_reference": "devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x"
},
"product_reference": "devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64"
},
"product_reference": "devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le"
},
"product_reference": "devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x"
},
"product_reference": "devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x"
},
"product_reference": "devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64"
},
"product_reference": "devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le"
},
"product_reference": "devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64"
},
"product_reference": "devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x"
},
"product_reference": "devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le"
},
"product_reference": "devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le"
},
"product_reference": "devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64"
},
"product_reference": "devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x"
},
"product_reference": "devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64"
},
"product_reference": "devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x"
},
"product_reference": "devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le"
},
"product_reference": "devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64"
},
"product_reference": "devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le"
},
"product_reference": "devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x"
},
"product_reference": "devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64"
},
"product_reference": "devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le"
},
"product_reference": "devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x"
},
"product_reference": "devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64 as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64"
},
"product_reference": "devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x"
},
"product_reference": "devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"relates_to_product_reference": "9Base-RHOSDS-3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le as a component of Red Hat OpenShift Dev Spaces 3",
"product_id": "9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le"
},
"product_reference": "devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le",
"relates_to_product_reference": "9Base-RHOSDS-3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12905",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-03-27T17:02:14.911888+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2355460"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the tar-fs package for Node.js. In affected versions, unauthorized file writes or overwrites outside the intended extraction directory can occur when extracting a maliciously crafted tar file. The issue is associated with index.js in the tar-fs package.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tar-fs: link following and path traversal via maliciously crafted tar file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an important severity because it allows attackers to extract a malicious tar file that can write or overwrite files outside the intended directory. This occurs due to improper handling of link resolution and pathname limitations. The risk is high for systems that automatically extract tar files, as it can lead to data corruption or unauthorized file modifications without user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-12905"
},
{
"category": "external",
"summary": "RHBZ#2355460",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355460"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-12905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12905",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12905"
},
{
"category": "external",
"summary": "https://github.com/mafintosh/tar-fs/commit/a1dd7e7c7f4b4a8bd2ab60f513baca573b44e2ed",
"url": "https://github.com/mafintosh/tar-fs/commit/a1dd7e7c7f4b4a8bd2ab60f513baca573b44e2ed"
}
],
"release_date": "2025-03-27T16:25:34.410000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-28T02:39:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8244"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tar-fs: link following and path traversal via maliciously crafted tar file"
},
{
"cve": "CVE-2024-45337",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2024-12-11T19:00:54.247490+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331720"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the x/crypto/ssh go library. Applications and libraries that misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. For example, an attacker may send public keys A and B and authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B, for which the attacker does not control the private key. The misuse of ServerConfig.PublicKeyCallback may cause an authorization bypass.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as important rather than critical because it does not directly enable unauthorized access but rather introduces a risk of authorization bypass if the application or library misuses the PublicKeyCallback API. The vulnerability relies on incorrect assumptions made by the application when handling the sequence or state of keys provided during SSH authentication. Properly implemented systems that use the Permissions field or avoid relying on external state remain unaffected. Additionally, the vulnerability does not allow direct exploitation to gain control over a system without the presence of insecure logic in the application\u0027s handling of authentication attempts.\n\n\nRed Hat Enterprise Linux(RHEL) 8 \u0026 9 and Red Hat Openshift marked as not affected as it was determined that the problem function `ServerConfig.PublicKeyCallback`, as noted in the CVE-2024-45337 issue, is not called by Podman, Buildah, containers-common, or the gvisor-tap-vsock projects.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45337"
},
{
"category": "external",
"summary": "RHBZ#2331720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331720"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45337",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45337"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45337"
},
{
"category": "external",
"summary": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909",
"url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909"
},
{
"category": "external",
"summary": "https://go.dev/cl/635315",
"url": "https://go.dev/cl/635315"
},
{
"category": "external",
"summary": "https://go.dev/issue/70779",
"url": "https://go.dev/issue/70779"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ",
"url": "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3321",
"url": "https://pkg.go.dev/vuln/GO-2024-3321"
}
],
"release_date": "2024-12-11T18:55:58.506000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-28T02:39:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8244"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto"
},
{
"cve": "CVE-2024-45410",
"cwe": {
"id": "CWE-348",
"name": "Use of Less Trusted Source"
},
"discovery_date": "2024-09-19T17:00:10.951603+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2313584"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Traefik. When a HTTP request is processed by Traefik, certain HTTP headers such as X-Forwarded-Host or X-Forwarded-Port are added by Traefik before the request is routed to the application. For a HTTP client, it should not be possible to remove or modify these headers. Since the application trusts the value of these headers, security implications might arise if they can be modified. For HTTP/1.1, however, it was found that some of theses custom headers can indeed be removed and in certain cases manipulated.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "traefik: HTTP client can manipulate custom HTTP headers that are added by Traefik",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in Traefik is important due to its impact on the integrity of HTTP headers that are often used for security-sensitive operations. When the X-Forwarded headers, such as X-Forwarded-Host or X-Forwarded-Tls-Client-Cert, can be removed or manipulated by the client, applications relying on these headers for trust validation, client authentication, or access control are exposed to potential privilege escalation or unauthorized access. The ability to bypass or alter these headers compromises the security model that many backend services depend on, particularly in reverse proxy or load balancer setups.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45410"
},
{
"category": "external",
"summary": "RHBZ#2313584",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2313584"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45410",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45410"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45410",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45410"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik",
"url": "https://github.com/traefik/traefik"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/commit/584144100524277829f26219baaab29a53b8134f",
"url": "https://github.com/traefik/traefik/commit/584144100524277829f26219baaab29a53b8134f"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/releases/tag/v2.11.9",
"url": "https://github.com/traefik/traefik/releases/tag/v2.11.9"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/releases/tag/v3.1.3",
"url": "https://github.com/traefik/traefik/releases/tag/v3.1.3"
},
{
"category": "external",
"summary": "https://github.com/traefik/traefik/security/advisories/GHSA-62c8-mh53-4cqv",
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-62c8-mh53-4cqv"
}
],
"release_date": "2024-09-19T14:48:10+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-28T02:39:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8244"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "traefik: HTTP client can manipulate custom HTTP headers that are added by Traefik"
},
{
"cve": "CVE-2025-22869",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-02-26T04:00:47.683125+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2348367"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang.org/x/crypto/ssh package. SSH clients and servers are vulnerable to increased resource consumption, possibly leading to memory exhaustion and a DoS. This can occur during key exchange when the other party is slow to respond during key exchange.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "While this flaw affects both SSH clients and servers implemented with golang.org/x/crypto/ssh, realistically the flaw will only lead to a DoS when transferring large files, greatly reducing the likelihood of exploitation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22869"
},
{
"category": "external",
"summary": "RHBZ#2348367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348367"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22869",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22869"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22869"
},
{
"category": "external",
"summary": "https://go.dev/cl/652135",
"url": "https://go.dev/cl/652135"
},
{
"category": "external",
"summary": "https://go.dev/issue/71931",
"url": "https://go.dev/issue/71931"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3487",
"url": "https://pkg.go.dev/vuln/GO-2025-3487"
}
],
"release_date": "2025-02-26T03:07:48.855000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-28T02:39:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8244"
},
{
"category": "workaround",
"details": "This flaw can be mitigated when using the client only connecting to trusted servers.",
"product_ids": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh"
},
{
"cve": "CVE-2025-30204",
"cwe": {
"id": "CWE-405",
"name": "Asymmetric Resource Consumption (Amplification)"
},
"discovery_date": "2025-03-21T22:00:43.818367+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2354195"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the golang-jwt implementation of JSON Web Tokens (JWT). In affected versions, a malicious request with specially crafted Authorization header data may trigger an excessive consumption of resources on the host system. This issue can cause significant performance degradation or an application crash, leading to a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-30204"
},
{
"category": "external",
"summary": "RHBZ#2354195",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2354195"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-30204",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-30204"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-30204",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30204"
},
{
"category": "external",
"summary": "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3",
"url": "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3"
},
{
"category": "external",
"summary": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp",
"url": "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3553",
"url": "https://pkg.go.dev/vuln/GO-2025-3553"
}
],
"release_date": "2025-03-21T21:42:01.382000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-28T02:39:39+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:8244"
},
{
"category": "workaround",
"details": "Red Hat Product Security does not have a recommended mitigation at this time.",
"product_ids": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"9Base-RHOSDS-3:devspaces-tech-preview/idea-rhel9@sha256:e57eccb97cb2329af1654e27ad2ad30bb30de70c496b0e6e4353d2d0ce9274b8_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:6f3737f74c7659d65af8fe9a7cab165f8cdb1554b8ff963352885e1d9014ff27_amd64",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:82d121266eb9adca7faa9af0da6c89323cfe24add67bcba759a6a81ca161ba2f_s390x",
"9Base-RHOSDS-3:devspaces-tech-preview/jetbrains-ide-rhel9@sha256:9a8899c791034c3395c081fbe55746021d372ea1ea3523f2a72bf7e31a2a4132_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:08f2e3cd088b9d1176e61f8017126ecaa7447ade3aede5d63e49bd678b5cc30b_s390x",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:d36fb4add09a1576207fe4b114f60142a43b351d218b1f5d0807bacc19c02915_ppc64le",
"9Base-RHOSDS-3:devspaces/code-rhel9@sha256:e48a0e27d13aff1bc60facd4ef3bd875f3b9c68b33c5d9be86dcf2fb46971d24_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:403b6c1ddb3fe9337fc1f83129d0b9e51dc18948df29f94212e291246b828e90_amd64",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:97544fe3e08648e8f0aec09dda768e884b0c213be0b833568747c797d492bb42_ppc64le",
"9Base-RHOSDS-3:devspaces/configbump-rhel9@sha256:a47dcbcc9292e09c31ad8df74d54b58aa03db782700937365434407029c586d7_s390x",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:4fb48f0964049b6e56c71cac4973c8ec4ae53b3248ec842e58ec499736e3ffb7_ppc64le",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:bbb3292a84927c24cdef7aaff704cc12560172ba0c55021bf397d92f0f8c04c8_amd64",
"9Base-RHOSDS-3:devspaces/dashboard-rhel9@sha256:f894dcaddbc0dd33c9e524e33bf54416f08dd328838bbe2c869eb7201cf7ef1a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:b05f216166a75a5ae3f56495ea4f47a6c3b91d5405360cd991f7c9d545491150_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:ba152d33e05c8d53dd9c39249ba9756418619ff784ef1e4cb296a7aa1a33adfd_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-operator-bundle@sha256:f463c35bfe9daac4929295c610f07935ff9655793b72d5fd040944fad8307c9a_s390x",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:0cfde874c304561625ac5a838df9d90514bafddd5af6f7ed38f1476475497df3_amd64",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:23280e408cce44be3fc8ebf244b19f5e386da1e6fab218a1a3ee8a1748f132f9_ppc64le",
"9Base-RHOSDS-3:devspaces/devspaces-rhel9-operator@sha256:e2b9c33d133573a466fead6c5f904d7ef31ba96d5fce1a619f3ff8c47d86a9da_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:4e11c662d89bb01653f32ed2f3bc66a67be8a1464e267a564a30e36d047b46a6_s390x",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:899c0fa0d3035a2da050c9dc765d2d5a1e79969ac8e5fe772e6dab003940c4b4_amd64",
"9Base-RHOSDS-3:devspaces/imagepuller-rhel9@sha256:8de9e91840963be836e62c27395e7c37ebe1e908770a817197cb938fcf1777dc_ppc64le",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:0ce141da5a9eec8fd61d6beee7c993ed4731a4b25501fd3a8f261a4aeab2ccda_amd64",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:60f6c9724b2c7e773654d7fd176829661420b6a3eb9df7f72c3560e7890fe691_s390x",
"9Base-RHOSDS-3:devspaces/machineexec-rhel9@sha256:ac07b6bc8c311b357ab5e0545a2b80aa567c2f76b9ed01a3d382b5685b688c83_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:4c5430c1e53219652c27d861d7a7d577097db0dad05ded83b814275cb9a6cad2_ppc64le",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:7107f9bf1082a528e0f3af30a5b02e26a770b3430600596e37bebafa18fd0786_amd64",
"9Base-RHOSDS-3:devspaces/pluginregistry-rhel9@sha256:989fc72b261f44374f16ba8aa190791d04da8b295933f724a00bc31a84efd89e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:52ea2c5e3244363b1d131b8551c10abc687b18f95ca5b9f561f79041a6f06c21_amd64",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:ae275fed16fdc724d0e48659c3de940e4af3e0722d3b5d465634d31f5a2a972e_s390x",
"9Base-RHOSDS-3:devspaces/server-rhel9@sha256:edae16c9f7a40feaf051b22a05945fd3a51033d031b742346105cff657848881_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:24a8578aa65eaeb3fbbc4809db2bd8e57cd76cc6a96d94ce67aa22f1b5d4a4a5_amd64",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:2a9c66e55371adf209b5b317068e63cfbd9b3e27da9de210250607da8b3ffdff_ppc64le",
"9Base-RHOSDS-3:devspaces/traefik-rhel9@sha256:90df466eef849a4fd6846345273968f875397d72f24c38445058d462d861ca9c_s390x",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:25b8dab260796cc1962ef2c31a6c8b98e258b1a9e8b13580da798a0074acd4e8_amd64",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:89d858f949b7bbc4502109ff8ab3cf0f416ad1a4c9432924669fc30eeba26b86_ppc64le",
"9Base-RHOSDS-3:devspaces/udi-base-rhel9@sha256:e1b46dd642b4391ece60c7bc3bb062ba81c3c975cb3723ade62f5a230a43ed5d_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:c98bbca9019281daafac3fb0ac3590258ca5c93ecc954e5127c1c99db4aa0315_amd64",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:e6d836b45dfb32da1a94114ab9908251da24adeeca932de89ba0e23d4f104e22_s390x",
"9Base-RHOSDS-3:devspaces/udi-rhel9@sha256:f6be90596ba55531a1ef7acf4041ed2828d4fe8a3cdd4e8b251bf4929bd19700_ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing"
}
]
}
rhsa-2025:7626
Vulnerability from csaf_redhat
Published
2025-05-14 17:51
Modified
2025-08-18 05:53
Summary
Red Hat Security Advisory: Red Hat Developer Hub 1.6.0 release.
Notes
Topic
Red Hat Developer Hub 1.6.0 has been released.
Details
Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Developer Hub 1.6.0 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Developer Hub (RHDH) is Red Hat\u0027s enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:7626",
"url": "https://access.redhat.com/errata/RHSA-2025:7626"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-12905",
"url": "https://access.redhat.com/security/cve/CVE-2024-12905"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-21534",
"url": "https://access.redhat.com/security/cve/CVE-2024-21534"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-26791",
"url": "https://access.redhat.com/security/cve/CVE-2025-26791"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-29775",
"url": "https://access.redhat.com/security/cve/CVE-2025-29775"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh",
"url": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh"
},
{
"category": "external",
"summary": "https://developers.redhat.com/rhdh/overview",
"url": "https://developers.redhat.com/rhdh/overview"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_developer_hub",
"url": "https://docs.redhat.com/en/documentation/red_hat_developer_hub"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_7626.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Developer Hub 1.6.0 release.",
"tracking": {
"current_release_date": "2025-08-18T05:53:09+00:00",
"generator": {
"date": "2025-08-18T05:53:09+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2025:7626",
"initial_release_date": "2025-05-14T17:51:56+00:00",
"revision_history": [
{
"date": "2025-05-14T17:51:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-06-12T18:08:48+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-18T05:53:09+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Developer Hub 1.6",
"product": {
"name": "Red Hat Developer Hub 1.6",
"product_id": "Red Hat Developer Hub 1.6",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhdh:1.6::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Developer Hub"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-hub-rhel9@sha256%3Ab6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.6.0-1745956724"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-rhel9-operator@sha256%3A8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.6.0-1745956395"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-operator-bundle@sha256%3A3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.6.0-1745970106"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe_amd64 as a component of Red Hat Developer Hub 1.6",
"product_id": "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1_amd64 as a component of Red Hat Developer Hub 1.6",
"product_id": "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f_amd64 as a component of Red Hat Developer Hub 1.6",
"product_id": "Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12905",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2025-03-27T17:02:14.911888+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2355460"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the tar-fs package for Node.js. In affected versions, unauthorized file writes or overwrites outside the intended extraction directory can occur when extracting a maliciously crafted tar file. The issue is associated with index.js in the tar-fs package.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tar-fs: link following and path traversal via maliciously crafted tar file",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an important severity because it allows attackers to extract a malicious tar file that can write or overwrite files outside the intended directory. This occurs due to improper handling of link resolution and pathname limitations. The risk is high for systems that automatically extract tar files, as it can lead to data corruption or unauthorized file modifications without user interaction.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-12905"
},
{
"category": "external",
"summary": "RHBZ#2355460",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355460"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-12905",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-12905"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-12905",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12905"
},
{
"category": "external",
"summary": "https://github.com/mafintosh/tar-fs/commit/a1dd7e7c7f4b4a8bd2ab60f513baca573b44e2ed",
"url": "https://github.com/mafintosh/tar-fs/commit/a1dd7e7c7f4b4a8bd2ab60f513baca573b44e2ed"
}
],
"release_date": "2025-03-27T16:25:34.410000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-14T17:51:56+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:7626"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "tar-fs: link following and path traversal via maliciously crafted tar file"
},
{
"cve": "CVE-2024-21534",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2024-10-11T06:00:50.977825+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2317968"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jsonpath-plus. This vulnerability allows remote code execution via improper input sanitisation and unsafe default usage of the vm module in Node.js. Attackers can exploit this by executing arbitrary code through the unsafe use of the vm module in Node.js, which allows for malicious code injection. This issue occurs due to the way jsonpath-plus evaluates JSON paths using vm, a Node.js module that allows code execution. If user input is not properly sanitized, an attacker can craft JSON paths that execute dangerous commands, such as reading sensitive files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsonpath-plus: Remote Code Execution in jsonpath-plus via Improper Input Sanitization",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat\u0027s initial impact rating of critical has been downgraded to low. While the vulnerable code is technically still present within Red Hat products, there are no code paths in affected products which allow exploitation. As such, the impact to Red Hat products is low.\n\nEach of the products listed have multiple components where a fixed build could occur. This distinction does not matter for users as only one build needs fixed for the product. Additionally, in Red Hat OpenShift AI, jsonpath-plus is a dependency of a direct dependency and is never loaded, as the direct dependency\u0027s feature that requires jsonpath-plus is not used.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-21534"
},
{
"category": "external",
"summary": "RHBZ#2317968",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317968"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-21534",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21534"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-21534",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21534"
},
{
"category": "external",
"summary": "https://github.com/JSONPath-Plus/JSONPath/commit/6b2f1b4c234292c75912b790bf7e2d7339d4ccd3",
"url": "https://github.com/JSONPath-Plus/JSONPath/commit/6b2f1b4c234292c75912b790bf7e2d7339d4ccd3"
},
{
"category": "external",
"summary": "https://github.com/JSONPath-Plus/JSONPath/issues/226",
"url": "https://github.com/JSONPath-Plus/JSONPath/issues/226"
},
{
"category": "external",
"summary": "https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884",
"url": "https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-7945884"
}
],
"release_date": "2024-10-11T05:00:01.824000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-14T17:51:56+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:7626"
},
{
"category": "workaround",
"details": "Red Hat Product Security recommends updating the vulnerable software to the latest version.",
"product_ids": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "jsonpath-plus: Remote Code Execution in jsonpath-plus via Improper Input Sanitization"
},
{
"cve": "CVE-2025-26791",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2025-02-14T09:00:45.578144+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2345695"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in DOMPurify. This vulnerability allows attackers to execute mutation-based Cross-site scripting (mXSS) via an incorrect template literal regular expression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dompurify: Mutation XSS in DOMPurify Due to Improper Template Literal Handling",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-26791"
},
{
"category": "external",
"summary": "RHBZ#2345695",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345695"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-26791",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-26791"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-26791",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26791"
},
{
"category": "external",
"summary": "https://ensy.zip/posts/dompurify-323-bypass/",
"url": "https://ensy.zip/posts/dompurify-323-bypass/"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/commit/d18ffcb554e0001748865da03ac75dd7829f0f02",
"url": "https://github.com/cure53/DOMPurify/commit/d18ffcb554e0001748865da03ac75dd7829f0f02"
},
{
"category": "external",
"summary": "https://github.com/cure53/DOMPurify/releases/tag/3.2.4",
"url": "https://github.com/cure53/DOMPurify/releases/tag/3.2.4"
},
{
"category": "external",
"summary": "https://nsysean.github.io/posts/dompurify-323-bypass/",
"url": "https://nsysean.github.io/posts/dompurify-323-bypass/"
}
],
"release_date": "2025-02-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-14T17:51:56+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:7626"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dompurify: Mutation XSS in DOMPurify Due to Improper Template Literal Handling"
},
{
"cve": "CVE-2025-29775",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2025-03-14T18:01:22.409532+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2352600"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the xml-crypto library for Node.js. An attacker can exploit this vulnerability to bypass authentication or authorization mechanisms in systems that rely on xml-crypto to verify signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xml-crypto: xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-29775"
},
{
"category": "external",
"summary": "RHBZ#2352600",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2352600"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-29775",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29775"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-29775",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29775"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed",
"url": "https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98",
"url": "https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07",
"url": "https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6",
"url": "https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1",
"url": "https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1",
"url": "https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/security/advisories/GHSA-x3m8-899r-f7c3",
"url": "https://github.com/node-saml/xml-crypto/security/advisories/GHSA-x3m8-899r-f7c3"
}
],
"release_date": "2025-03-14T17:11:05.590000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-05-14T17:51:56+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:7626"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:b6bf7ded5e146f60141840bb2e42e72125c61af0f3d3c3fbf48b35bc670675fe_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:3da4799b9a79f688ca55ec85d0b3e28348dbc2661e82110aedbf27dfa97f49e1_amd64",
"Red Hat Developer Hub 1.6:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:8b723ad5171dd98d9f4d551d80fc883ecf6f8bbc8178911bd04dd1590980681f_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "xml-crypto: xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment"
}
]
}
ghsa-pq67-2wwv-3xjx
Vulnerability from github
Published
2025-03-27 18:31
Modified
2025-05-20 17:57
Severity ?
VLAI Severity ?
Summary
tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File
Details
An Improper Link Resolution Before File Access ("Link Following") and Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package.
This issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.7.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "tar-fs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.16.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "tar-fs"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.0"
},
{
"fixed": "2.1.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "tar-fs"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.0.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-12905"
],
"database_specific": {
"cwe_ids": [
"CWE-22"
],
"github_reviewed": true,
"github_reviewed_at": "2025-03-28T22:11:42Z",
"nvd_published_at": "2025-03-27T17:15:53Z",
"severity": "HIGH"
},
"details": "An Improper Link Resolution Before File Access (\"Link Following\") and Improper Limitation of a Pathname to a Restricted Directory (\"Path Traversal\"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package.\n\nThis issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.7.",
"id": "GHSA-pq67-2wwv-3xjx",
"modified": "2025-05-20T17:57:26Z",
"published": "2025-03-27T18:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12905"
},
{
"type": "WEB",
"url": "https://github.com/mafintosh/tar-fs/commit/a1dd7e7c7f4b4a8bd2ab60f513baca573b44e2ed"
},
{
"type": "PACKAGE",
"url": "https://github.com/mafintosh/tar-fs"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "tar-fs Vulnerable to Link Following and Path Traversal via Extracting a Crafted tar File"
}
fkie_cve-2024-12905
Vulnerability from fkie_nvd
Published
2025-03-27 17:15
Modified
2025-04-20 16:15
Severity ?
Summary
An Improper Link Resolution Before File Access ("Link Following") and Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package.
This issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Link Resolution Before File Access (\"Link Following\") and Improper Limitation of a Pathname to a Restricted Directory (\"Path Traversal\"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package.\n\nThis issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8."
},
{
"lang": "es",
"value": "Resoluci\u00f3n incorrecta de enlaces antes del acceso a archivos (\"Link Following\") y limitaci\u00f3n incorrecta de una ruta a un directorio restringido (\"Path Traversal\"). Esta vulnerabilidad se produce al extraer un archivo tar manipulado con fines maliciosos, lo que puede provocar escrituras o sobrescrituras no autorizadas de archivos fuera del directorio de extracci\u00f3n previsto. El problema est\u00e1 asociado con index.js en el paquete tar-fs. Este problema afecta a tar-fs: desde la versi\u00f3n 0.0.0 hasta la 1.16.4, desde la versi\u00f3n 2.0.0 hasta la 2.1.2, desde la versi\u00f3n 3.0.0 hasta la 3.0.8."
}
],
"id": "CVE-2024-12905",
"lastModified": "2025-04-20T16:15:13.913",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "22e2d327-25fe-45d7-9f0c-dcd23b7108df",
"type": "Secondary"
}
]
},
"published": "2025-03-27T17:15:53.250",
"references": [
{
"source": "22e2d327-25fe-45d7-9f0c-dcd23b7108df",
"url": "https://github.com/mafintosh/tar-fs/commit/a1dd7e7c7f4b4a8bd2ab60f513baca573b44e2ed"
},
{
"source": "22e2d327-25fe-45d7-9f0c-dcd23b7108df",
"url": "https://www.seal.security/blog/a-link-to-the-past-uncovering-a-new-vulnerability-in-tar-fs"
}
],
"sourceIdentifier": "22e2d327-25fe-45d7-9f0c-dcd23b7108df",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "22e2d327-25fe-45d7-9f0c-dcd23b7108df",
"type": "Secondary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…