Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-29774 (GCVE-0-2025-29774)
Vulnerability from cvelistv5
Published
2025-03-14 17:05
Modified
2025-03-15 20:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-347 - Improper Verification of Cryptographic Signature
Summary
xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks. For example, it could be used to alter critical identity or access control attributes, enabling an attacker with a valid account to escalate privileges or impersonate another user. Users of versions 6.0.0 and prior should upgrade to version 6.0.1 to receive a fix. Those who are still using v2.x or v3.x should upgrade to patched versions 2.1.6 or 3.2.1, respectively.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| node-saml | xml-crypto |
Version: >= 4.0.0, < 6.0.1 Version: >= 3.0.0, < 3.2.1 Version: < 2.1.6 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-29774",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-14T18:36:19.111763Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-14T18:40:50.828Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-03-15T20:50:21.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://workos.com/blog/samlstorm"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "xml-crypto",
"vendor": "node-saml",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 6.0.1"
},
{
"status": "affected",
"version": "\u003e= 3.0.0, \u003c 3.2.1"
},
{
"status": "affected",
"version": "\u003c 2.1.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks. For example, it could be used to alter critical identity or access control attributes, enabling an attacker with a valid account to escalate privileges or impersonate another user. Users of versions 6.0.0 and prior should upgrade to version 6.0.1 to receive a fix. Those who are still using v2.x or v3.x should upgrade to patched versions 2.1.6 or 3.2.1, respectively."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347: Improper Verification of Cryptographic Signature",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-14T17:05:53.943Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/node-saml/xml-crypto/security/advisories/GHSA-9p8x-f768-wp2g",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/node-saml/xml-crypto/security/advisories/GHSA-9p8x-f768-wp2g"
},
{
"name": "https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed"
},
{
"name": "https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98"
},
{
"name": "https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07"
},
{
"name": "https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6"
},
{
"name": "https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1"
},
{
"name": "https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1"
}
],
"source": {
"advisory": "GHSA-9p8x-f768-wp2g",
"discovery": "UNKNOWN"
},
"title": "xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-29774",
"datePublished": "2025-03-14T17:05:53.943Z",
"dateReserved": "2025-03-11T14:23:00.474Z",
"dateUpdated": "2025-03-15T20:50:21.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-29774\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-03-14T17:15:52.870\",\"lastModified\":\"2025-03-15T21:15:35.250\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks. For example, it could be used to alter critical identity or access control attributes, enabling an attacker with a valid account to escalate privileges or impersonate another user. Users of versions 6.0.0 and prior should upgrade to version 6.0.1 to receive a fix. Those who are still using v2.x or v3.x should upgrade to patched versions 2.1.6 or 3.2.1, respectively.\"},{\"lang\":\"es\",\"value\":\"xml-crypto es una librer\u00eda de firma digital y cifrado XML para Node.js. Un atacante podr\u00eda explotar una vulnerabilidad en versiones anteriores a la 6.0.1, 3.2.1 y 2.1.6 para eludir los mecanismos de autenticaci\u00f3n o autorizaci\u00f3n en sistemas que dependen de xml-crypto para verificar documentos XML firmados. Esta vulnerabilidad permite a un atacante modificar un mensaje XML firmado v\u00e1lido de forma que a\u00fan supere las comprobaciones de verificaci\u00f3n de firma. Por ejemplo, podr\u00eda utilizarse para alterar atributos cr\u00edticos de identidad o control de acceso, lo que permitir\u00eda a un atacante con una cuenta v\u00e1lida escalar privilegios o suplantar la identidad de otro usuario. Los usuarios de las versiones 6.0.0 y anteriores deben actualizar a la versi\u00f3n 6.0.1 para obtener una correcci\u00f3n. Quienes a\u00fan utilicen las versiones 2.x o 3.x deben actualizar a las versiones 2.1.6 o 3.2.1, respectivamente.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":9.3,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-347\"}]}],\"references\":[{\"url\":\"https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/node-saml/xml-crypto/security/advisories/GHSA-9p8x-f768-wp2g\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://workos.com/blog/samlstorm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://workos.com/blog/samlstorm\"}], \"x_generator\": {\"engine\": \"ADPogram 0.0.1\"}, \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-03-15T20:50:21.614Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-29774\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-14T18:36:19.111763Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-14T18:40:39.385Z\"}}], \"cna\": {\"title\": \"xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References\", \"source\": {\"advisory\": \"GHSA-9p8x-f768-wp2g\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 9.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"node-saml\", \"product\": \"xml-crypto\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 4.0.0, \u003c 6.0.1\"}, {\"status\": \"affected\", \"version\": \"\u003e= 3.0.0, \u003c 3.2.1\"}, {\"status\": \"affected\", \"version\": \"\u003c 2.1.6\"}]}], \"references\": [{\"url\": \"https://github.com/node-saml/xml-crypto/security/advisories/GHSA-9p8x-f768-wp2g\", \"name\": \"https://github.com/node-saml/xml-crypto/security/advisories/GHSA-9p8x-f768-wp2g\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed\", \"name\": \"https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98\", \"name\": \"https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07\", \"name\": \"https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6\", \"name\": \"https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1\", \"name\": \"https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1\", \"name\": \"https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks. For example, it could be used to alter critical identity or access control attributes, enabling an attacker with a valid account to escalate privileges or impersonate another user. Users of versions 6.0.0 and prior should upgrade to version 6.0.1 to receive a fix. Those who are still using v2.x or v3.x should upgrade to patched versions 2.1.6 or 3.2.1, respectively.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-347\", \"description\": \"CWE-347: Improper Verification of Cryptographic Signature\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-03-14T17:05:53.943Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-29774\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-15T20:50:21.614Z\", \"dateReserved\": \"2025-03-11T14:23:00.474Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-03-14T17:05:53.943Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
rhsa-2025:3595
Vulnerability from csaf_redhat
Published
2025-04-03 15:16
Modified
2025-08-20 22:10
Summary
Red Hat Security Advisory: Red Hat Developer Hub 1.4.3 release.
Notes
Topic
Red Hat Developer Hub 1.4.3 has been released.
Details
Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Developer Hub 1.4.3 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Developer Hub (RHDH) is Red Hat\u0027s enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:3595",
"url": "https://access.redhat.com/errata/RHSA-2025:3595"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-27516",
"url": "https://access.redhat.com/security/cve/CVE-2025-27516"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-29774",
"url": "https://access.redhat.com/security/cve/CVE-2025-29774"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-29775",
"url": "https://access.redhat.com/security/cve/CVE-2025-29775"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh",
"url": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh"
},
{
"category": "external",
"summary": "https://developers.redhat.com/rhdh/overview",
"url": "https://developers.redhat.com/rhdh/overview"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_developer_hub",
"url": "https://docs.redhat.com/en/documentation/red_hat_developer_hub"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_3595.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Developer Hub 1.4.3 release.",
"tracking": {
"current_release_date": "2025-08-20T22:10:16+00:00",
"generator": {
"date": "2025-08-20T22:10:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2025:3595",
"initial_release_date": "2025-04-03T15:16:21+00:00",
"revision_history": [
{
"date": "2025-04-03T15:16:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-04-03T15:16:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-20T22:10:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Developer Hub (RHDH) 1.4",
"product": {
"name": "Red Hat Developer Hub (RHDH) 1.4",
"product_id": "Red Hat Developer Hub (RHDH) 1.4",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhdh:1.4::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Developer Hub (RHDH)"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:577bd1595325229ba368ad2ece71faf31aec93c088e76c4bba507bf67e41753a_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:577bd1595325229ba368ad2ece71faf31aec93c088e76c4bba507bf67e41753a_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:577bd1595325229ba368ad2ece71faf31aec93c088e76c4bba507bf67e41753a_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-hub-rhel9@sha256%3A577bd1595325229ba368ad2ece71faf31aec93c088e76c4bba507bf67e41753a?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.4.3-1743652461"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:390855c371faf70fcb11c47177ca9a8d360ba633732c2c8018f9dbc25c5d5047_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:390855c371faf70fcb11c47177ca9a8d360ba633732c2c8018f9dbc25c5d5047_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:390855c371faf70fcb11c47177ca9a8d360ba633732c2c8018f9dbc25c5d5047_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-rhel9-operator@sha256%3A390855c371faf70fcb11c47177ca9a8d360ba633732c2c8018f9dbc25c5d5047?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.4.3-1743648196"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:093c6a66d4faa1d980e4319a048db8b2869eba8f13f40f02615d6696257e6719_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:093c6a66d4faa1d980e4319a048db8b2869eba8f13f40f02615d6696257e6719_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:093c6a66d4faa1d980e4319a048db8b2869eba8f13f40f02615d6696257e6719_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-operator-bundle@sha256%3A093c6a66d4faa1d980e4319a048db8b2869eba8f13f40f02615d6696257e6719?arch=amd64\u0026repository_url=registry.redhat.io/rhdh\u0026tag=1.4.3-1743659048"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:577bd1595325229ba368ad2ece71faf31aec93c088e76c4bba507bf67e41753a_amd64 as a component of Red Hat Developer Hub (RHDH) 1.4",
"product_id": "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:577bd1595325229ba368ad2ece71faf31aec93c088e76c4bba507bf67e41753a_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:577bd1595325229ba368ad2ece71faf31aec93c088e76c4bba507bf67e41753a_amd64",
"relates_to_product_reference": "Red Hat Developer Hub (RHDH) 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:093c6a66d4faa1d980e4319a048db8b2869eba8f13f40f02615d6696257e6719_amd64 as a component of Red Hat Developer Hub (RHDH) 1.4",
"product_id": "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:093c6a66d4faa1d980e4319a048db8b2869eba8f13f40f02615d6696257e6719_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:093c6a66d4faa1d980e4319a048db8b2869eba8f13f40f02615d6696257e6719_amd64",
"relates_to_product_reference": "Red Hat Developer Hub (RHDH) 1.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:390855c371faf70fcb11c47177ca9a8d360ba633732c2c8018f9dbc25c5d5047_amd64 as a component of Red Hat Developer Hub (RHDH) 1.4",
"product_id": "Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:390855c371faf70fcb11c47177ca9a8d360ba633732c2c8018f9dbc25c5d5047_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:390855c371faf70fcb11c47177ca9a8d360ba633732c2c8018f9dbc25c5d5047_amd64",
"relates_to_product_reference": "Red Hat Developer Hub (RHDH) 1.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-27516",
"cwe": {
"id": "CWE-1336",
"name": "Improper Neutralization of Special Elements Used in a Template Engine"
},
"discovery_date": "2025-03-05T21:01:07.674606+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:093c6a66d4faa1d980e4319a048db8b2869eba8f13f40f02615d6696257e6719_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:390855c371faf70fcb11c47177ca9a8d360ba633732c2c8018f9dbc25c5d5047_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2350190"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jinja. In affected versions, an oversight in how the Jinja sandboxed environment interacts with the `|attr` filter allows an attacker who controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications that execute untrusted templates. Jinja\u0027s sandbox does catch calls to `str.format` and ensures they don\u0027t escape the sandbox. However, it\u0027s possible to use the `|attr` filter to get a reference to a string\u0027s plain format method, bypassing the sandbox.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jinja2: Jinja sandbox breakout through attr filter selecting format method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as important severity due to the potential for an attacker to bypass Jinja\u0027s sandbox by exploiting the |attr filter, by controlling template content, an attacker can execute arbitrary Python code, impacting the integrity, confidentiality, and availability of the system. While the attack requires user interaction to trigger untrusted templates, the risk is significant in applications that allow such templates to be executed.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:577bd1595325229ba368ad2ece71faf31aec93c088e76c4bba507bf67e41753a_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:093c6a66d4faa1d980e4319a048db8b2869eba8f13f40f02615d6696257e6719_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:390855c371faf70fcb11c47177ca9a8d360ba633732c2c8018f9dbc25c5d5047_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-27516"
},
{
"category": "external",
"summary": "RHBZ#2350190",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2350190"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-27516",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27516"
},
{
"category": "external",
"summary": "https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403",
"url": "https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403"
},
{
"category": "external",
"summary": "https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7",
"url": "https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7"
}
],
"release_date": "2025-03-05T20:40:06.568000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-03T15:16:21+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:577bd1595325229ba368ad2ece71faf31aec93c088e76c4bba507bf67e41753a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3595"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:577bd1595325229ba368ad2ece71faf31aec93c088e76c4bba507bf67e41753a_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:093c6a66d4faa1d980e4319a048db8b2869eba8f13f40f02615d6696257e6719_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:390855c371faf70fcb11c47177ca9a8d360ba633732c2c8018f9dbc25c5d5047_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jinja2: Jinja sandbox breakout through attr filter selecting format method"
},
{
"cve": "CVE-2025-29774",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2025-03-14T18:01:09.149253+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:093c6a66d4faa1d980e4319a048db8b2869eba8f13f40f02615d6696257e6719_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:390855c371faf70fcb11c47177ca9a8d360ba633732c2c8018f9dbc25c5d5047_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2352596"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the xml-crypto library for Node.js. An attacker can exploit this vulnerability to bypass authentication or authorization mechanisms in systems that rely on xml-crypto to verify signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xml-crypto: xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:577bd1595325229ba368ad2ece71faf31aec93c088e76c4bba507bf67e41753a_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:093c6a66d4faa1d980e4319a048db8b2869eba8f13f40f02615d6696257e6719_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:390855c371faf70fcb11c47177ca9a8d360ba633732c2c8018f9dbc25c5d5047_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-29774"
},
{
"category": "external",
"summary": "RHBZ#2352596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2352596"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-29774",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29774"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-29774",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29774"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed",
"url": "https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98",
"url": "https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07",
"url": "https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6",
"url": "https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1",
"url": "https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1",
"url": "https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/security/advisories/GHSA-9p8x-f768-wp2g",
"url": "https://github.com/node-saml/xml-crypto/security/advisories/GHSA-9p8x-f768-wp2g"
}
],
"release_date": "2025-03-14T17:05:53.943000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-03T15:16:21+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:577bd1595325229ba368ad2ece71faf31aec93c088e76c4bba507bf67e41753a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3595"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:577bd1595325229ba368ad2ece71faf31aec93c088e76c4bba507bf67e41753a_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:093c6a66d4faa1d980e4319a048db8b2869eba8f13f40f02615d6696257e6719_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:390855c371faf70fcb11c47177ca9a8d360ba633732c2c8018f9dbc25c5d5047_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:577bd1595325229ba368ad2ece71faf31aec93c088e76c4bba507bf67e41753a_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:093c6a66d4faa1d980e4319a048db8b2869eba8f13f40f02615d6696257e6719_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:390855c371faf70fcb11c47177ca9a8d360ba633732c2c8018f9dbc25c5d5047_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "xml-crypto: xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References"
},
{
"cve": "CVE-2025-29775",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2025-03-14T18:01:22.409532+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:093c6a66d4faa1d980e4319a048db8b2869eba8f13f40f02615d6696257e6719_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:390855c371faf70fcb11c47177ca9a8d360ba633732c2c8018f9dbc25c5d5047_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2352600"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the xml-crypto library for Node.js. An attacker can exploit this vulnerability to bypass authentication or authorization mechanisms in systems that rely on xml-crypto to verify signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xml-crypto: xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:577bd1595325229ba368ad2ece71faf31aec93c088e76c4bba507bf67e41753a_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:093c6a66d4faa1d980e4319a048db8b2869eba8f13f40f02615d6696257e6719_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:390855c371faf70fcb11c47177ca9a8d360ba633732c2c8018f9dbc25c5d5047_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-29775"
},
{
"category": "external",
"summary": "RHBZ#2352600",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2352600"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-29775",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29775"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-29775",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29775"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed",
"url": "https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98",
"url": "https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07",
"url": "https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6",
"url": "https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1",
"url": "https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1",
"url": "https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/security/advisories/GHSA-x3m8-899r-f7c3",
"url": "https://github.com/node-saml/xml-crypto/security/advisories/GHSA-x3m8-899r-f7c3"
}
],
"release_date": "2025-03-14T17:11:05.590000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-04-03T15:16:21+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:577bd1595325229ba368ad2ece71faf31aec93c088e76c4bba507bf67e41753a_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3595"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:577bd1595325229ba368ad2ece71faf31aec93c088e76c4bba507bf67e41753a_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:093c6a66d4faa1d980e4319a048db8b2869eba8f13f40f02615d6696257e6719_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:390855c371faf70fcb11c47177ca9a8d360ba633732c2c8018f9dbc25c5d5047_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:577bd1595325229ba368ad2ece71faf31aec93c088e76c4bba507bf67e41753a_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:093c6a66d4faa1d980e4319a048db8b2869eba8f13f40f02615d6696257e6719_amd64",
"Red Hat Developer Hub (RHDH) 1.4:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:390855c371faf70fcb11c47177ca9a8d360ba633732c2c8018f9dbc25c5d5047_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "xml-crypto: xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment"
}
]
}
rhsa-2025:3374
Vulnerability from csaf_redhat
Published
2025-03-27 20:51
Modified
2025-08-20 22:10
Summary
Red Hat Security Advisory: Red Hat Developer Hub 1.5.1 release.
Notes
Topic
Red Hat Developer Hub 1.5.1 has been released.
Details
Red Hat Developer Hub (RHDH) is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat Developer Hub 1.5.1 has been released.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Developer Hub (RHDH) is Red Hat\u0027s enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters (AKS, EKS, GKE). The core features of RHDH include a single pane of glass, a centralized software catalog, self-service via golden path templates, and Tech Docs. RHDH is extensible by plugins.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:3374",
"url": "https://access.redhat.com/errata/RHSA-2025:3374"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-45338",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-47068",
"url": "https://access.redhat.com/security/cve/CVE-2024-47068"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-52798",
"url": "https://access.redhat.com/security/cve/CVE-2024-52798"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-55565",
"url": "https://access.redhat.com/security/cve/CVE-2024-55565"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-56201",
"url": "https://access.redhat.com/security/cve/CVE-2024-56201"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-56326",
"url": "https://access.redhat.com/security/cve/CVE-2024-56326"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-56334",
"url": "https://access.redhat.com/security/cve/CVE-2024-56334"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-22150",
"url": "https://access.redhat.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-29774",
"url": "https://access.redhat.com/security/cve/CVE-2025-29774"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-29775",
"url": "https://access.redhat.com/security/cve/CVE-2025-29775"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/cve-2025-27516",
"url": "https://access.redhat.com/security/cve/cve-2025-27516"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "external",
"summary": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh",
"url": "https://catalog.redhat.com/search?gs\u0026searchType=containers\u0026q=rhdh"
},
{
"category": "external",
"summary": "https://developers.redhat.com/rhdh/overview",
"url": "https://developers.redhat.com/rhdh/overview"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_developer_hub",
"url": "https://docs.redhat.com/en/documentation/red_hat_developer_hub"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_3374.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Developer Hub 1.5.1 release.",
"tracking": {
"current_release_date": "2025-08-20T22:10:05+00:00",
"generator": {
"date": "2025-08-20T22:10:05+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2025:3374",
"initial_release_date": "2025-03-27T20:51:32+00:00",
"revision_history": [
{
"date": "2025-03-27T20:51:32+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-04-03T20:51:32+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-20T22:10:05+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Developer Hub 1.5",
"product": {
"name": "Red Hat Developer Hub 1.5",
"product_id": "Red Hat Developer Hub 1.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhdh:1.5::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Developer Hub"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-hub-rhel9@sha256%3A56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665?arch=amd64\u0026repository_url=registry.redhat.io/rhdh"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-rhel9-operator@sha256%3Afb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158?arch=amd64\u0026repository_url=registry.redhat.io/rhdh"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"product": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"product_id": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"product_identification_helper": {
"purl": "pkg:oci/rhdh-operator-bundle@sha256%3Ac870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5?arch=amd64\u0026repository_url=registry.redhat.io/rhdh"
}
}
}
],
"category": "architecture",
"name": "amd64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64 as a component of Red Hat Developer Hub 1.5",
"product_id": "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64 as a component of Red Hat Developer Hub 1.5",
"product_id": "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64 as a component of Red Hat Developer Hub 1.5",
"product_id": "Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
},
"product_reference": "registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64",
"relates_to_product_reference": "Red Hat Developer Hub 1.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-45338",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2024-12-18T21:00:59.938173+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333122"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang.org/x/net/html. This flaw allows an attacker to craft input to the parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This issue can cause a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as an Important severity because an attacker can craft malicious input that causes the parsing functions to process data non-linearly, resulting in significant delays which leads to a denial of service by exhausting system resources.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-45338"
},
{
"category": "external",
"summary": "RHBZ#2333122",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333122"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-45338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45338"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45338"
},
{
"category": "external",
"summary": "https://go.dev/cl/637536",
"url": "https://go.dev/cl/637536"
},
{
"category": "external",
"summary": "https://go.dev/issue/70906",
"url": "https://go.dev/issue/70906"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ",
"url": "https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2024-3333",
"url": "https://pkg.go.dev/vuln/GO-2024-3333"
}
],
"release_date": "2024-12-18T20:38:22.660000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-27T20:51:32+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3374"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html"
},
{
"cve": "CVE-2024-47068",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2024-09-23T16:20:20.383320+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2314249"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Rollup module bundler for JavaScript. Certain versions are susceptible to a DOM Clobbering vulnerability when bundling scripts with properties from `import.meta` such as `import.meta.url` in the `cjs`/`umd`/`iife` format. The DOM Clobbering gadget can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements are present, for example, an `img` tag with an unsanitized `name` attribute.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "rollup: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is classified as moderate severity rather than important because it requires a specific and relatively uncommon attack vector to exploit\u2014namely, attacker-controlled scriptless HTML elements, such as an unsanitized name attribute in an img tag, which are typically less prevalent in well-maintained web applications. Additionally, the impact is limited to scenarios where import.meta is improperly handled in specific module formats (`cjs`, `umd`, `iife`), and the vulnerability can only lead to cross-site scripting (XSS) under specific conditions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-47068"
},
{
"category": "external",
"summary": "RHBZ#2314249",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314249"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-47068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47068"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-47068",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47068"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L157-L162",
"url": "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L157-L162"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L180-L185",
"url": "https://github.com/rollup/rollup/blob/b86ffd776cfa906573d36c3f019316d02445d9ef/src/ast/nodes/MetaProperty.ts#L180-L185"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/2ef77c00ec2635d42697cff2c0567ccc8db34fb4",
"url": "https://github.com/rollup/rollup/commit/2ef77c00ec2635d42697cff2c0567ccc8db34fb4"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/commit/e2552c9e955e0a61f70f508200ee9f752f85a541",
"url": "https://github.com/rollup/rollup/commit/e2552c9e955e0a61f70f508200ee9f752f85a541"
},
{
"category": "external",
"summary": "https://github.com/rollup/rollup/security/advisories/GHSA-gcx4-mw62-g8wm",
"url": "https://github.com/rollup/rollup/security/advisories/GHSA-gcx4-mw62-g8wm"
}
],
"release_date": "2024-09-23T16:15:06.947000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-27T20:51:32+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3374"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "rollup: DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS"
},
{
"cve": "CVE-2024-52798",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2024-12-05T23:00:59.020167+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2330689"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in path-to-regexp. A path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "path-to-regexp: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability exists because of an incomplete fix for CVE-2024-45296.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-52798"
},
{
"category": "external",
"summary": "RHBZ#2330689",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2330689"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-52798",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-52798"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-52798",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52798"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/commit/f01c26a013b1889f0c217c643964513acf17f6a4",
"url": "https://github.com/pillarjs/path-to-regexp/commit/f01c26a013b1889f0c217c643964513acf17f6a4"
},
{
"category": "external",
"summary": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-rhx6-c78j-4q9w",
"url": "https://github.com/pillarjs/path-to-regexp/security/advisories/GHSA-rhx6-c78j-4q9w"
}
],
"release_date": "2024-12-05T22:45:42.774000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-27T20:51:32+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3374"
},
{
"category": "workaround",
"details": "Avoid using two parameters within a single path segment when the separator is not, for example, /:a-:b. Alternatively, you can define the regex used for both parameters and ensure they do not overlap to allow backtracking.",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "path-to-regexp: path-to-regexp Unpatched `path-to-regexp` ReDoS in 0.1.x"
},
{
"cve": "CVE-2024-55565",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2024-12-09T02:00:45.255738+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2331063"
}
],
"notes": [
{
"category": "description",
"text": "nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "nanoid: nanoid mishandles non-integer values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-55565"
},
{
"category": "external",
"summary": "RHBZ#2331063",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331063"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-55565",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-55565"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-55565",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55565"
},
{
"category": "external",
"summary": "https://github.com/ai/nanoid/compare/3.3.7...3.3.8",
"url": "https://github.com/ai/nanoid/compare/3.3.7...3.3.8"
},
{
"category": "external",
"summary": "https://github.com/ai/nanoid/pull/510",
"url": "https://github.com/ai/nanoid/pull/510"
},
{
"category": "external",
"summary": "https://github.com/ai/nanoid/releases/tag/5.0.9",
"url": "https://github.com/ai/nanoid/releases/tag/5.0.9"
}
],
"release_date": "2024-12-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-27T20:51:32+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3374"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "nanoid: nanoid mishandles non-integer values"
},
{
"cve": "CVE-2024-56201",
"cwe": {
"id": "CWE-150",
"name": "Improper Neutralization of Escape, Meta, or Control Sequences"
},
"discovery_date": "2024-12-23T16:00:38.768252+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333854"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jinja2 package. A bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of Jinja\u0027s sandbox being used. An attacker needs to be able to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications that execute untrusted templates where the template author can also choose the template filename.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jinja2: Jinja has a sandbox breakout through malicious filenames",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has rated as a IMPORTANT flaw because an attacker controlling both the template content and filename to execute arbitrary Python code, bypassing the sandbox.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-56201"
},
{
"category": "external",
"summary": "RHBZ#2333854",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333854"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-56201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56201"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-56201",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56201"
},
{
"category": "external",
"summary": "https://github.com/pallets/jinja/commit/767b23617628419ae3709ccfb02f9602ae9fe51f",
"url": "https://github.com/pallets/jinja/commit/767b23617628419ae3709ccfb02f9602ae9fe51f"
},
{
"category": "external",
"summary": "https://github.com/pallets/jinja/issues/1792",
"url": "https://github.com/pallets/jinja/issues/1792"
},
{
"category": "external",
"summary": "https://github.com/pallets/jinja/releases/tag/3.1.5",
"url": "https://github.com/pallets/jinja/releases/tag/3.1.5"
},
{
"category": "external",
"summary": "https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699",
"url": "https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699"
}
],
"release_date": "2024-12-23T15:37:36.110000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-27T20:51:32+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3374"
},
{
"category": "workaround",
"details": "To mitigate this vulnerabilty restrict user-controlled template filenames, ensuring they follow a predefined templates.",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jinja2: Jinja has a sandbox breakout through malicious filenames"
},
{
"cve": "CVE-2024-56326",
"cwe": {
"id": "CWE-693",
"name": "Protection Mechanism Failure"
},
"discovery_date": "2024-12-23T16:00:46.619763+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333856"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Jinja package. In affected versions of Jinja, an oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications that execute untrusted templates. Jinja\u0027s sandbox does catch calls to str.format and ensures they don\u0027t escape the sandbox. However, storing a reference to a malicious string\u0027s format method is possible, then passing that to a filter that calls it. No such filters are built into Jinja but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jinja2: Jinja has a sandbox breakout through indirect reference to format method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as Moderate due to an oversight in Jinja\u0027s sandbox environment, allowing attackers to execute arbitrary Python code through controlled template content. This requires control over template content, making exploitation possible only in specific applications, thus limiting its overall impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-56326"
},
{
"category": "external",
"summary": "RHBZ#2333856",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333856"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-56326",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56326"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-56326",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56326"
},
{
"category": "external",
"summary": "https://github.com/pallets/jinja/commit/48b0687e05a5466a91cd5812d604fa37ad0943b4",
"url": "https://github.com/pallets/jinja/commit/48b0687e05a5466a91cd5812d604fa37ad0943b4"
},
{
"category": "external",
"summary": "https://github.com/pallets/jinja/releases/tag/3.1.5",
"url": "https://github.com/pallets/jinja/releases/tag/3.1.5"
},
{
"category": "external",
"summary": "https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h",
"url": "https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h"
}
],
"release_date": "2024-12-23T15:43:49.400000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-27T20:51:32+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3374"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jinja2: Jinja has a sandbox breakout through indirect reference to format method"
},
{
"cve": "CVE-2024-56334",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2024-12-20T21:00:48.166699+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2333587"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the systeminformation library for Node.js. In Windows systems, the SSID parameter of the `getWindowsIEEE8021x` function is not sanitized before it is passed to cmd.exe. This may allow a remote attacker to execute arbitrary commands on the target system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "systeminformation: Command injection vulnerability in getWindowsIEEE8021x (SSID) function in systeminformation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in the systeminformation library is marked as a high-severity issue because it allows for the execution of arbitrary commands via an unsanitized SSID input passed to `cmd.exe`. Since this flaw can lead to remote code execution (RCE) or local privilege escalation, it provides an attacker with the potential to execute malicious scripts on the affected system.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-56334"
},
{
"category": "external",
"summary": "RHBZ#2333587",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333587"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-56334",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56334"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-56334",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56334"
},
{
"category": "external",
"summary": "https://github.com/sebhildebrandt/systeminformation/commit/f7af0a67b78e7894335a6cad510566a25e06ae41",
"url": "https://github.com/sebhildebrandt/systeminformation/commit/f7af0a67b78e7894335a6cad510566a25e06ae41"
},
{
"category": "external",
"summary": "https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-cvv5-9h9w-qp2m",
"url": "https://github.com/sebhildebrandt/systeminformation/security/advisories/GHSA-cvv5-9h9w-qp2m"
}
],
"release_date": "2024-12-20T20:10:12.578000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-27T20:51:32+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3374"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "systeminformation: Command injection vulnerability in getWindowsIEEE8021x (SSID) function in systeminformation"
},
{
"cve": "CVE-2025-22150",
"cwe": {
"id": "CWE-330",
"name": "Use of Insufficiently Random Values"
},
"discovery_date": "2025-01-21T18:01:24.182126+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339176"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the undici package for Node.js. Undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If an app has a mechanism that sends multipart requests to an attacker-controlled website, it can leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undici: Undici Uses Insufficiently Random Values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-22150"
},
{
"category": "external",
"summary": "RHBZ#2339176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339176"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-22150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22150"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22150"
},
{
"category": "external",
"summary": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f",
"url": "https://blog.securityevaluators.com/hacking-the-javascript-lottery-80cc437e3b7f"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113",
"url": "https://github.com/nodejs/undici/blob/8b06b8250907d92fead664b3368f1d2aa27c1f35/lib/web/fetch/body.js#L113"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0",
"url": "https://github.com/nodejs/undici/commit/711e20772764c29f6622ddc937c63b6eefdf07d0"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a",
"url": "https://github.com/nodejs/undici/commit/c2d78cd19fe4f4c621424491e26ce299e65e934a"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385",
"url": "https://github.com/nodejs/undici/commit/c3acc6050b781b827d80c86cbbab34f14458d385"
},
{
"category": "external",
"summary": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975",
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-c76h-2ccp-4975"
},
{
"category": "external",
"summary": "https://hackerone.com/reports/2913312",
"url": "https://hackerone.com/reports/2913312"
}
],
"release_date": "2025-01-21T17:46:58.872000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-27T20:51:32+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3374"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "undici: Undici Uses Insufficiently Random Values"
},
{
"cve": "CVE-2025-27516",
"cwe": {
"id": "CWE-1336",
"name": "Improper Neutralization of Special Elements Used in a Template Engine"
},
"discovery_date": "2025-03-05T21:01:07.674606+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2350190"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Jinja. In affected versions, an oversight in how the Jinja sandboxed environment interacts with the `|attr` filter allows an attacker who controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications that execute untrusted templates. Jinja\u0027s sandbox does catch calls to `str.format` and ensures they don\u0027t escape the sandbox. However, it\u0027s possible to use the `|attr` filter to get a reference to a string\u0027s plain format method, bypassing the sandbox.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jinja2: Jinja sandbox breakout through attr filter selecting format method",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as important severity due to the potential for an attacker to bypass Jinja\u0027s sandbox by exploiting the |attr filter, by controlling template content, an attacker can execute arbitrary Python code, impacting the integrity, confidentiality, and availability of the system. While the attack requires user interaction to trigger untrusted templates, the risk is significant in applications that allow such templates to be executed.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-27516"
},
{
"category": "external",
"summary": "RHBZ#2350190",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2350190"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-27516",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27516"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-27516",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27516"
},
{
"category": "external",
"summary": "https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403",
"url": "https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403"
},
{
"category": "external",
"summary": "https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7",
"url": "https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7"
}
],
"release_date": "2025-03-05T20:40:06.568000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-27T20:51:32+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3374"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jinja2: Jinja sandbox breakout through attr filter selecting format method"
},
{
"cve": "CVE-2025-29774",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2025-03-14T18:01:09.149253+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2352596"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the xml-crypto library for Node.js. An attacker can exploit this vulnerability to bypass authentication or authorization mechanisms in systems that rely on xml-crypto to verify signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xml-crypto: xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-29774"
},
{
"category": "external",
"summary": "RHBZ#2352596",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2352596"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-29774",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29774"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-29774",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29774"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed",
"url": "https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98",
"url": "https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07",
"url": "https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6",
"url": "https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1",
"url": "https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1",
"url": "https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/security/advisories/GHSA-9p8x-f768-wp2g",
"url": "https://github.com/node-saml/xml-crypto/security/advisories/GHSA-9p8x-f768-wp2g"
}
],
"release_date": "2025-03-14T17:05:53.943000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-27T20:51:32+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3374"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "xml-crypto: xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References"
},
{
"cve": "CVE-2025-29775",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2025-03-14T18:01:22.409532+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2352600"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the xml-crypto library for Node.js. An attacker can exploit this vulnerability to bypass authentication or authorization mechanisms in systems that rely on xml-crypto to verify signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "xml-crypto: xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
],
"known_not_affected": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-29775"
},
{
"category": "external",
"summary": "RHBZ#2352600",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2352600"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-29775",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-29775"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-29775",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29775"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed",
"url": "https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98",
"url": "https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07",
"url": "https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6",
"url": "https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1",
"url": "https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1",
"url": "https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1"
},
{
"category": "external",
"summary": "https://github.com/node-saml/xml-crypto/security/advisories/GHSA-x3m8-899r-f7c3",
"url": "https://github.com/node-saml/xml-crypto/security/advisories/GHSA-x3m8-899r-f7c3"
}
],
"release_date": "2025-03-14T17:11:05.590000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-03-27T20:51:32+00:00",
"details": "For more about Red Hat Developer Hub, see References links",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:3374"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-hub-rhel9@sha256:56bfbb2328f42e91d0462e142f3434e5d771737defbc07d8a21dbdf50e468665_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-operator-bundle@sha256:c870eb3d17807a9d04011df5244ea39db66af76aefd0af68244c95ed8322d8b5_amd64",
"Red Hat Developer Hub 1.5:registry.redhat.io/rhdh/rhdh-rhel9-operator@sha256:fb4e2008ce87732246bebff004496125f7562b10a60f01eda658e4266d9d0158_amd64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "xml-crypto: xml-crypto Vulnerable to XML Signature Verification Bypass via DigestValue Comment"
}
]
}
fkie_cve-2025-29774
Vulnerability from fkie_nvd
Published
2025-03-14 17:15
Modified
2025-03-15 21:15
Severity ?
Summary
xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks. For example, it could be used to alter critical identity or access control attributes, enabling an attacker with a valid account to escalate privileges or impersonate another user. Users of versions 6.0.0 and prior should upgrade to version 6.0.1 to receive a fix. Those who are still using v2.x or v3.x should upgrade to patched versions 2.1.6 or 3.2.1, respectively.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| security-advisories@github.com | https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed | ||
| security-advisories@github.com | https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98 | ||
| security-advisories@github.com | https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07 | ||
| security-advisories@github.com | https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6 | ||
| security-advisories@github.com | https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1 | ||
| security-advisories@github.com | https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1 | ||
| security-advisories@github.com | https://github.com/node-saml/xml-crypto/security/advisories/GHSA-9p8x-f768-wp2g | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://workos.com/blog/samlstorm |
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks. For example, it could be used to alter critical identity or access control attributes, enabling an attacker with a valid account to escalate privileges or impersonate another user. Users of versions 6.0.0 and prior should upgrade to version 6.0.1 to receive a fix. Those who are still using v2.x or v3.x should upgrade to patched versions 2.1.6 or 3.2.1, respectively."
},
{
"lang": "es",
"value": "xml-crypto es una librer\u00eda de firma digital y cifrado XML para Node.js. Un atacante podr\u00eda explotar una vulnerabilidad en versiones anteriores a la 6.0.1, 3.2.1 y 2.1.6 para eludir los mecanismos de autenticaci\u00f3n o autorizaci\u00f3n en sistemas que dependen de xml-crypto para verificar documentos XML firmados. Esta vulnerabilidad permite a un atacante modificar un mensaje XML firmado v\u00e1lido de forma que a\u00fan supere las comprobaciones de verificaci\u00f3n de firma. Por ejemplo, podr\u00eda utilizarse para alterar atributos cr\u00edticos de identidad o control de acceso, lo que permitir\u00eda a un atacante con una cuenta v\u00e1lida escalar privilegios o suplantar la identidad de otro usuario. Los usuarios de las versiones 6.0.0 y anteriores deben actualizar a la versi\u00f3n 6.0.1 para obtener una correcci\u00f3n. Quienes a\u00fan utilicen las versiones 2.x o 3.x deben actualizar a las versiones 2.1.6 o 3.2.1, respectivamente."
}
],
"id": "CVE-2025-29774",
"lastModified": "2025-03-15T21:15:35.250",
"metrics": {
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2025-03-14T17:15:52.870",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1"
},
{
"source": "security-advisories@github.com",
"url": "https://github.com/node-saml/xml-crypto/security/advisories/GHSA-9p8x-f768-wp2g"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://workos.com/blog/samlstorm"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
}
ghsa-9p8x-f768-wp2g
Vulnerability from github
Published
2025-03-14 17:14
Modified
2025-03-16 21:34
Severity ?
VLAI Severity ?
Summary
xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References
Details
Impact
An attacker may be able to exploit this vulnerability to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks. For example, it could be used to alter critical identity or access control attributes, enabling an attacker with a valid account to escalate privileges or impersonate another user.
Patches
All versions <= 6.0.0 are affected. Please upgrade to version 6.0.1.
If you are still using v2.x or v3.x please upgrade to the associated patch version.
Indicators of Compromise
When logging XML payloads, check for the following indicators. If the payload includes encrypted elements, ensure you analyze the decrypted version for a complete assessment. (If encryption is not used, analyze the original XML document directly). This applies to various XML-based authentication and authorization flows, such as SAML Response payloads.
Multiple SignedInfo Nodes
There should not be more than one SignedInfo node inside a Signature. If you find multiple SignedInfo nodes, it could indicate an attack.
xml
<Signature>
<SomeNode>
<SignedInfo>
<Reference URI="somefakereference">
<DigestValue>forgeddigestvalue</DigestValue>
</Reference>
</SignedInfo>
</SomeNode>
<SignedInfo>
<Reference URI="realsignedreference">
<DigestValue>realdigestvalue</DigestValue>
</Reference>
</SignedInfo>
</SignedInfo>
</Signature>
Code to test
Pass in the decrypted version of the document ```js decryptedDocument = ... // yours to implement
// This check is per-Signature node, not per-document const signedInfoNodes = xpath.select(".//*[local-name(.)='SignedInfo']", signatureNode);
if (signedInfoNodes.length === 0) { // Not necessarily a compromise, but invalid. Should contain exactly one SignedInfo node // Yours to implement }
if (signedInfoNodes.length > 1) { // Compromise detected, yours to implement } ```
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "xml-crypto"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "6.0.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "xml-crypto"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.2.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "xml-crypto"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-29774"
],
"database_specific": {
"cwe_ids": [
"CWE-347"
],
"github_reviewed": true,
"github_reviewed_at": "2025-03-14T17:14:23Z",
"nvd_published_at": "2025-03-14T17:15:52Z",
"severity": "CRITICAL"
},
"details": "# Impact\nAn attacker may be able to exploit this vulnerability to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. The vulnerability allows an attacker to modify a valid signed XML message in a way that still passes signature verification checks. For example, it could be used to alter critical identity or access control attributes, enabling an attacker with a valid account to escalate privileges or impersonate another user.\n\n# Patches\nAll versions \u003c= 6.0.0 are affected. Please upgrade to version 6.0.1.\n\nIf you are still using v2.x or v3.x please upgrade to the associated patch version.\n\n# Indicators of Compromise\n\nWhen logging XML payloads, check for the following indicators. If the payload includes encrypted elements, ensure you analyze the decrypted version for a complete assessment. (If encryption is not used, analyze the original XML document directly). This applies to various XML-based authentication and authorization flows, such as SAML Response payloads.\n\n### Multiple SignedInfo Nodes\nThere should not be more than one SignedInfo node inside a Signature. If you find multiple SignedInfo nodes, it could indicate an attack.\n\n```xml\n\u003cSignature\u003e\n \u003cSomeNode\u003e\n \u003cSignedInfo\u003e\n \u003cReference URI=\"somefakereference\"\u003e\n \u003cDigestValue\u003eforgeddigestvalue\u003c/DigestValue\u003e\n \u003c/Reference\u003e\n \u003c/SignedInfo\u003e\n \u003c/SomeNode\u003e\n \u003cSignedInfo\u003e\n \u003cReference URI=\"realsignedreference\"\u003e\n \u003cDigestValue\u003erealdigestvalue\u003c/DigestValue\u003e\n \u003c/Reference\u003e\n \u003c/SignedInfo\u003e\n \u003c/SignedInfo\u003e\n\u003c/Signature\u003e\n```\n\n### Code to test\n\nPass in the decrypted version of the document\n```js\ndecryptedDocument = ... // yours to implement\n\n// This check is per-Signature node, not per-document\nconst signedInfoNodes = xpath.select(\".//*[local-name(.)=\u0027SignedInfo\u0027]\", signatureNode);\n\nif (signedInfoNodes.length === 0) {\n // Not necessarily a compromise, but invalid. Should contain exactly one SignedInfo node\n // Yours to implement\n}\n\nif (signedInfoNodes.length \u003e 1) {\n // Compromise detected, yours to implement\n}\n```",
"id": "GHSA-9p8x-f768-wp2g",
"modified": "2025-03-16T21:34:47Z",
"published": "2025-03-14T17:14:23Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/node-saml/xml-crypto/security/advisories/GHSA-9p8x-f768-wp2g"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-29774"
},
{
"type": "WEB",
"url": "https://github.com/node-saml/xml-crypto/commit/28f92218ecbb8dcbd238afa4efbbd50302aa9aed"
},
{
"type": "WEB",
"url": "https://github.com/node-saml/xml-crypto/commit/886dc63a8b4bb5ae1db9f41c7854b171eb83aa98"
},
{
"type": "WEB",
"url": "https://github.com/node-saml/xml-crypto/commit/8ac6118ee7978b46aa56b82cbcaa5fca58c93a07"
},
{
"type": "PACKAGE",
"url": "https://github.com/node-saml/xml-crypto"
},
{
"type": "WEB",
"url": "https://github.com/node-saml/xml-crypto/releases/tag/v2.1.6"
},
{
"type": "WEB",
"url": "https://github.com/node-saml/xml-crypto/releases/tag/v3.2.1"
},
{
"type": "WEB",
"url": "https://github.com/node-saml/xml-crypto/releases/tag/v6.0.1"
},
{
"type": "WEB",
"url": "https://workos.com/blog/samlstorm"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "xml-crypto Vulnerable to XML Signature Verification Bypass via Multiple SignedInfo References"
}
wid-sec-w-2025-0841
Vulnerability from csaf_certbund
Published
2025-04-16 22:00
Modified
2025-05-08 22:00
Summary
IBM App Connect Enterprise: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM App Connect Enterprise kombiniert die branchenbewährten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.
Angriff
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Informationen auszuspähen oder seine Privilegien zu eskalieren
Betroffene Betriebssysteme
- Linux
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM App Connect Enterprise kombiniert die branchenbew\u00e4hrten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Informationen auszusp\u00e4hen oder seine Privilegien zu eskalieren",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0841 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0841.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0841 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0841"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-04-16",
"url": "https://www.ibm.com/support/pages/node/7231056"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7232928 vom 2025-05-08",
"url": "https://www.ibm.com/support/pages/node/7232928"
}
],
"source_lang": "en-US",
"title": "IBM App Connect Enterprise: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-05-08T22:00:00.000+00:00",
"generator": {
"date": "2025-05-09T07:44:26.369+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0841",
"initial_release_date": "2025-04-16T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-04-16T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-05-08T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c13.0.3.0",
"product": {
"name": "IBM App Connect Enterprise \u003c13.0.3.0",
"product_id": "T042961"
}
},
{
"category": "product_version",
"name": "13.0.3.0",
"product": {
"name": "IBM App Connect Enterprise 13.0.3.0",
"product_id": "T042961-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:13.0.3.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c12.0.12.13",
"product": {
"name": "IBM App Connect Enterprise \u003c12.0.12.13",
"product_id": "T042962"
}
},
{
"category": "product_version",
"name": "12.0.12.13",
"product": {
"name": "IBM App Connect Enterprise 12.0.12.13",
"product_id": "T042962-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:12.0.12.13"
}
}
},
{
"category": "product_version_range",
"name": "\u003c12.11.0",
"product": {
"name": "IBM App Connect Enterprise \u003c12.11.0",
"product_id": "T043525"
}
},
{
"category": "product_version",
"name": "12.11.0",
"product": {
"name": "IBM App Connect Enterprise 12.11.0",
"product_id": "T043525-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:12.11.0"
}
}
}
],
"category": "product_name",
"name": "App Connect Enterprise"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-57965",
"product_status": {
"known_affected": [
"T042961",
"T042962",
"T043525"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2024-57965"
},
{
"cve": "CVE-2025-27152",
"product_status": {
"known_affected": [
"T042961",
"T042962",
"T043525"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-27152"
},
{
"cve": "CVE-2025-29774",
"product_status": {
"known_affected": [
"T042961",
"T042962",
"T043525"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-29774"
},
{
"cve": "CVE-2025-29775",
"product_status": {
"known_affected": [
"T042961",
"T042962",
"T043525"
]
},
"release_date": "2025-04-16T22:00:00.000+00:00",
"title": "CVE-2025-29775"
}
]
}
wid-sec-w-2025-0705
Vulnerability from csaf_certbund
Published
2025-04-03 22:00
Modified
2025-04-15 22:00
Summary
HCL BigFix WebUI-Anwendungen: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
BigFix ist eine Lösung zum Erkennen und Verwalten von physischen und virtuellen Endpunkten.
Angriff
Ein entfernter anonymer oder lokaler Angreifer kann mehrere Schwachstellen in HCL BigFix ausnutzen, um Dateien zu manipulieren, erhöhte Privilegien zu erlangen, einen Denial-of-Service-Zustand auszulösen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen.
Betroffene Betriebssysteme
- Sonstiges
- UNIX
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "BigFix ist eine L\u00f6sung zum Erkennen und Verwalten von physischen und virtuellen Endpunkten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter anonymer oder lokaler Angreifer kann mehrere Schwachstellen in HCL BigFix ausnutzen, um Dateien zu manipulieren, erh\u00f6hte Privilegien zu erlangen, einen Denial-of-Service-Zustand auszul\u00f6sen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-0705 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0705.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-0705 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0705"
},
{
"category": "external",
"summary": "HCL Security Bulletin vom 2025-04-03",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120318"
},
{
"category": "external",
"summary": "PoC f\u00fcr CVE-2025-27152 2025-04-03",
"url": "https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6"
},
{
"category": "external",
"summary": "PoC f\u00fcr CVE-2025-25977 2025-04-03",
"url": "https://github.com/canvg/canvg/issues/1749"
},
{
"category": "external",
"summary": "PoC f\u00fcr CVE-2025-27789 2025-04-03",
"url": "https://github.com/babel/babel/pull/17173"
},
{
"category": "external",
"summary": "HCL Security Bulletin vom 2025-04-15",
"url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0120590"
}
],
"source_lang": "en-US",
"title": "HCL BigFix WebUI-Anwendungen: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-04-15T22:00:00.000+00:00",
"generator": {
"date": "2025-04-16T09:16:43.315+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.12"
}
},
"id": "WID-SEC-W-2025-0705",
"initial_release_date": "2025-04-03T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-04-03T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-04-15T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von HCL aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "WebUI Applications",
"product": {
"name": "HCL BigFix WebUI Applications",
"product_id": "T042383",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:webui_applications"
}
}
},
{
"category": "product_version",
"name": "Reports",
"product": {
"name": "HCL BigFix Reports",
"product_id": "T042923",
"product_identification_helper": {
"cpe": "cpe:/a:hcltech:bigfix:reports"
}
}
}
],
"category": "product_name",
"name": "BigFix"
}
],
"category": "vendor",
"name": "HCL"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-47764",
"product_status": {
"known_affected": [
"T042923",
"T042383"
]
},
"release_date": "2025-04-03T22:00:00.000+00:00",
"title": "CVE-2024-47764"
},
{
"cve": "CVE-2025-25977",
"product_status": {
"known_affected": [
"T042923",
"T042383"
]
},
"release_date": "2025-04-03T22:00:00.000+00:00",
"title": "CVE-2025-25977"
},
{
"cve": "CVE-2025-27152",
"product_status": {
"known_affected": [
"T042923",
"T042383"
]
},
"release_date": "2025-04-03T22:00:00.000+00:00",
"title": "CVE-2025-27152"
},
{
"cve": "CVE-2025-27789",
"product_status": {
"known_affected": [
"T042923",
"T042383"
]
},
"release_date": "2025-04-03T22:00:00.000+00:00",
"title": "CVE-2025-27789"
},
{
"cve": "CVE-2025-29774",
"product_status": {
"known_affected": [
"T042923",
"T042383"
]
},
"release_date": "2025-04-03T22:00:00.000+00:00",
"title": "CVE-2025-29774"
},
{
"cve": "CVE-2025-29775",
"product_status": {
"known_affected": [
"T042923",
"T042383"
]
},
"release_date": "2025-04-03T22:00:00.000+00:00",
"title": "CVE-2025-29775"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…