{ "threat_severity" : "Important", "public_date" : "2025-12-29T22:56:45Z", "bugzilla" : { "description" : "qs: qs: Denial of Service via improper input validation in array parsing", "id" : "2425946", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2425946" }, "cvss3" : { "cvss3_base_score" : "7.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-770", "details" : [ "Improper Input Validation vulnerability in qs (parse modules) allows HTTP DoS.This issue affects qs: < 6.14.1.\nSummary\nThe arrayLimit option in qs did not enforce limits for bracket notation (a[]=1&a[]=2), only for indexed notation (a[0]=1). This is a consistency bug; arrayLimit should apply uniformly across all array notations.\nNote: The default parameterLimit of 1000 effectively mitigates the DoS scenario originally described. With default options, bracket notation cannot produce arrays larger than parameterLimit regardless of arrayLimit, because each a[]=valueconsumes one parameter slot. The severity has been reduced accordingly.\nDetails\nThe arrayLimit option only checked limits for indexed notation (a[0]=1&a[1]=2) but did not enforce it for bracket notation (a[]=1&a[]=2).\nVulnerable code (lib/parse.js:159-162):\nif (root === '[]' && options.parseArrays) {\nobj = utils.combine([], leaf); // No arrayLimit check\n}\nWorking code (lib/parse.js:175):\nelse if (index <= options.arrayLimit) { // Limit checked here\nobj = [];\nobj[index] = leaf;\n}\nThe bracket notation handler at line 159 uses utils.combine([], leaf) without validating against options.arrayLimit, while indexed notation at line 175 checks index <= options.arrayLimit before creating arrays.\nPoC\nconst qs = require('qs');\nconst result = qs.parse('a[]=1&a[]=2&a[]=3&a[]=4&a[]=5&a[]=6', { arrayLimit: 5 });\nconsole.log(result.a.length); // Output: 6 (should be max 5)\nNote on parameterLimit interaction: The original advisory's \"DoS demonstration\" claimed a length of 10,000, but parameterLimit (default: 1000) caps parsing to 1,000 parameters. With default options, the actual output is 1,000, not 10,000.\nImpact\nConsistency bug in arrayLimit enforcement. With default parameterLimit, the practical DoS risk is negligible since parameterLimit already caps the total number of parsed parameters (and thus array elements from bracket notation). The risk increases only when parameterLimit is explicitly set to a very high value.", "A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users." ], "statement" : "This vulnerability is rated Important for Red Hat products that utilize the `qs` module for parsing query strings, particularly when processing user-controlled input with bracket notation. The `arrayLimit` option, intended to prevent resource exhaustion, is bypassed when bracket notation (`a[]=value`) is used, allowing a remote attacker to cause a denial of service through memory exhaustion. This can lead to application crashes or unresponsiveness, making the service unavailable.", "affected_release" : [ { "product_name" : "Cryostat 4 on RHEL 9", "release_date" : "2026-01-19T00:00:00Z", "advisory" : "RHSA-2026:0761", "cpe" : "cpe:/a:redhat:cryostat:4::el9", "package" : "cryostat/cryostat-openshift-console-plugin-rhel9:4.1.0-16" }, { "product_name" : "Multicluster Global Hub 1.4.5", "release_date" : "2026-02-11T00:00:00Z", "advisory" : "RHSA-2026:2500", "cpe" : "cpe:/a:redhat:multicluster_globalhub:1.4::el9", "package" : "multicluster-globalhub/multicluster-globalhub-grafana-rhel9:sha256:2630957b6783b2bf14940c9a153f25e68b2f4f2cdd17f2ed3a23c284b8d71aca" }, { "product_name" : "Multicluster Global Hub 1.5.4", "release_date" : "2026-02-09T00:00:00Z", "advisory" : "RHSA-2026:2256", "cpe" : "cpe:/a:redhat:multicluster_globalhub:1.5::el9", "package" : "multicluster-globalhub/multicluster-globalhub-grafana-rhel9:sha256:65e1e93c8ea20fe257ac85c371404df1b13c1966e07b0b5d605ae30ef0cec42f" }, { "product_name" : "Network Observability (NETOBSERV) 1.11.1", "release_date" : "2026-02-18T00:00:00Z", "advisory" : "RHSA-2026:2900", "cpe" : "cpe:/a:redhat:network_observ_optr:1.11::el9", "package" : "network-observability/network-observability-console-plugin-compat-rhel9:sha256:17be6b67f5ed6757b65df0d59dc5d59130ee2e3510c60453de77fadfd7ca3c16" }, { "product_name" : "Network Observability (NETOBSERV) 1.11.1", "release_date" : "2026-02-18T00:00:00Z", "advisory" : "RHSA-2026:2900", "cpe" : "cpe:/a:redhat:network_observ_optr:1.11::el9", "package" : "network-observability/network-observability-console-plugin-rhel9:sha256:3f4b1539a41af46e0dcc3ee1e06d760b504448190cf1f5963171e504cbcb82e2" }, { "product_name" : "Red Hat Advanced Cluster Security 4.8", "release_date" : "2026-01-28T00:00:00Z", "advisory" : "RHSA-2026:1517", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.8::el8", "package" : "advanced-cluster-security/rhacs-main-rhel8:sha256:2b5ba43a096f738c776e4fc95ac5afabbe1b80826c7350f85f0ca5987f412406" }, { "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.9", "release_date" : "2026-02-09T00:00:00Z", "advisory" : "RHSA-2026:2350", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.9::el8", "package" : "advanced-cluster-security/rhacs-main-rhel8:sha256:01d01a649ed0c466925ebdfc7e632c7c01f0e59ef5d764d2f2dcf51f355b68ec" }, { "product_name" : "Red Hat Advanced Cluster Security for Kubernetes 4.9", "release_date" : "2026-02-11T00:00:00Z", "advisory" : "RHSA-2026:2568", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.9::el8", "package" : "advanced-cluster-security/rhacs-main-rhel8:sha256:25bb4a371c5656d01a53060df46b7fbb5a287fe843c08581be69fb42ff5ec5dd" }, { "product_name" : "Red Hat Ansible Automation Platform 2.6", "release_date" : "2026-01-29T00:00:00Z", "advisory" : "RHSA-2026:1596", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.6::el9", "package" : "ansible-automation-platform-26/gateway-rhel9:sha256:7929136d1aeb2005121b08d8dc5cbe7d21839a6bcdfe5bfeab6e6307a938fd31" }, { "product_name" : "Red Hat Developer Hub 1.7", "release_date" : "2026-01-07T00:00:00Z", "advisory" : "RHSA-2026:0261", "cpe" : "cpe:/a:redhat:rhdh:1.7::el9", "package" : "rhdh/rhdh-hub-rhel9:sha256:29ada5e84c6b204cf518191a21bbd22de5cb53a61bc1812b1072ce5c28a235b2" }, { "product_name" : "Red Hat Developer Hub 1.8", "release_date" : "2026-01-13T00:00:00Z", "advisory" : "RHSA-2026:0531", "cpe" : "cpe:/a:redhat:rhdh:1.8::el9", "package" : "rhdh/rhdh-hub-rhel9:sha256:7185a8f744022307c7a178d35e7ae32d7797eed4f9379b2dba8954e2856f2ed1" }, { "product_name" : "Red Hat Discovery 2", "release_date" : "2026-01-08T00:00:00Z", "advisory" : "RHSA-2026:0414", "cpe" : "cpe:/a:redhat:discovery:2::el9", "package" : "discovery/discovery-ui-rhel9:sha256:899bd7f941512d54af8ab369ca03028a7d27d05887ccce24bc12c7ccd3e4dbee" }, { "product_name" : "Red Hat OpenShift AI 3.3", "release_date" : "2026-03-04T00:00:00Z", "advisory" : "RHSA-2026:3713", "cpe" : "cpe:/a:redhat:openshift_ai:3.3::el9", "package" : "rhoai/odh-pipeline-runtime-datascience-cpu-py312-rhel9:sha256:2c9753a43a23ab943cb8c0f43ac80d035e302336dd91fb259997a70325cb37f6" }, { "product_name" : "Red Hat OpenShift AI 3.3", "release_date" : "2026-03-04T00:00:00Z", "advisory" : "RHSA-2026:3713", "cpe" : "cpe:/a:redhat:openshift_ai:3.3::el9", "package" : "rhoai/odh-pipeline-runtime-minimal-cpu-py312-rhel9:sha256:4096c7e3d91d69e41a95c39a40898ab2330c5511f0a175d23567e7142612e79a" }, { "product_name" : "Red Hat OpenShift AI 3.3", "release_date" : "2026-03-04T00:00:00Z", "advisory" : "RHSA-2026:3713", "cpe" : "cpe:/a:redhat:openshift_ai:3.3::el9", "package" : "rhoai/odh-pipeline-runtime-pytorch-cuda-py312-rhel9:sha256:b275a657a249223727b565df671c6c0db6e988b267cdb3ba0619c6334718747b" }, { "product_name" : "Red Hat OpenShift AI 3.3", "release_date" : "2026-03-04T00:00:00Z", "advisory" : "RHSA-2026:3713", "cpe" : "cpe:/a:redhat:openshift_ai:3.3::el9", "package" : "rhoai/odh-pipeline-runtime-pytorch-llmcompressor-cuda-py312-rhel9:sha256:12128f22697ec726d3cfa2b3eee1175976a87c4fab3aa6dcd89d9abe67093d0c" }, { "product_name" : "Red Hat OpenShift AI 3.3", "release_date" : "2026-03-04T00:00:00Z", "advisory" : "RHSA-2026:3713", "cpe" : "cpe:/a:redhat:openshift_ai:3.3::el9", "package" : "rhoai/odh-pipeline-runtime-pytorch-rocm-py312-rhel9:sha256:7a884421baef638e002bc0fcecfd46ea42dec4001c558bb1185b8b8363b0adb2" }, { "product_name" : "Red Hat OpenShift AI 3.3", "release_date" : "2026-03-04T00:00:00Z", "advisory" : "RHSA-2026:3713", "cpe" : "cpe:/a:redhat:openshift_ai:3.3::el9", "package" : "rhoai/odh-pipeline-runtime-tensorflow-cuda-py312-rhel9:sha256:29293cdd2749c301a0e042ae09192e12ac2820cc18a1cfae2604906da61990ca" }, { "product_name" : "Red Hat OpenShift AI 3.3", "release_date" : "2026-03-04T00:00:00Z", "advisory" : "RHSA-2026:3713", "cpe" : "cpe:/a:redhat:openshift_ai:3.3::el9", "package" : "rhoai/odh-pipeline-runtime-tensorflow-rocm-py312-rhel9:sha256:5cb6f52106f21514649baea4646169c183d6b754397e3611c956aa174f3e5535" }, { "product_name" : "Red Hat OpenShift AI 3.3", "release_date" : "2026-03-04T00:00:00Z", "advisory" : "RHSA-2026:3713", "cpe" : "cpe:/a:redhat:openshift_ai:3.3::el9", "package" : "rhoai/odh-workbench-codeserver-datascience-cpu-py312-rhel9:sha256:0536538cc6a4ec7403d0dd8774dcf9cc6e462b1dff23db98f6bc34d3459ac5ae" }, { "product_name" : "Red Hat OpenShift AI 3.3", "release_date" : "2026-03-04T00:00:00Z", "advisory" : "RHSA-2026:3713", "cpe" : "cpe:/a:redhat:openshift_ai:3.3::el9", "package" : "rhoai/odh-workbench-jupyter-datascience-cpu-py312-rhel9:sha256:43d21d0d662ffeafe53ae795dfef523273fa163f66b8b8a75b20473e939b1026" }, { "product_name" : "Red Hat OpenShift AI 3.3", "release_date" : "2026-03-04T00:00:00Z", "advisory" : "RHSA-2026:3713", "cpe" : "cpe:/a:redhat:openshift_ai:3.3::el9", "package" : "rhoai/odh-workbench-jupyter-minimal-cpu-py312-rhel9:sha256:44c8c2789b1773d6a66d68eac85262ac173989f99ae5bc0ea8c192bd1504d3f2" }, { "product_name" : "Red Hat OpenShift AI 3.3", "release_date" : "2026-03-04T00:00:00Z", "advisory" : "RHSA-2026:3713", "cpe" : "cpe:/a:redhat:openshift_ai:3.3::el9", "package" : "rhoai/odh-workbench-jupyter-minimal-cuda-py312-rhel9:sha256:a0d1f6b27d2efdeed7e9704b5ebadea84cc57a1b5a43a9288531430f6de0b3f3" }, { "product_name" : "Red Hat OpenShift AI 3.3", "release_date" : "2026-03-04T00:00:00Z", "advisory" : "RHSA-2026:3713", "cpe" : "cpe:/a:redhat:openshift_ai:3.3::el9", "package" : "rhoai/odh-workbench-jupyter-minimal-rocm-py312-rhel9:sha256:75cb61e92fd90fb9c0dffbda67fd43b089cc2bf39eedcacc5ff09bfd04024c41" }, { "product_name" : "Red Hat OpenShift AI 3.3", "release_date" : "2026-03-04T00:00:00Z", "advisory" : "RHSA-2026:3713", "cpe" : "cpe:/a:redhat:openshift_ai:3.3::el9", "package" : "rhoai/odh-workbench-jupyter-pytorch-cuda-py312-rhel9:sha256:f818bea78b6625dd967ef8ea3ef914fdf48f50169e78590ea01d8aad0c9dc3f7" }, { "product_name" : "Red Hat OpenShift AI 3.3", "release_date" : "2026-03-04T00:00:00Z", "advisory" : "RHSA-2026:3713", "cpe" : "cpe:/a:redhat:openshift_ai:3.3::el9", "package" : "rhoai/odh-workbench-jupyter-pytorch-llmcompressor-cuda-py312-rhel9:sha256:a4e27470683e611f9a48d97ed99223310876c2c9899fc031e3761f436d5822b0" }, { "product_name" : "Red Hat OpenShift AI 3.3", "release_date" : "2026-03-04T00:00:00Z", "advisory" : "RHSA-2026:3713", "cpe" : "cpe:/a:redhat:openshift_ai:3.3::el9", "package" : "rhoai/odh-workbench-jupyter-pytorch-rocm-py312-rhel9:sha256:8c992019d49325f304a04bbe85b3b269f31cb86d69c48a05e462521d68242ba3" }, { "product_name" : "Red Hat OpenShift AI 3.3", "release_date" : "2026-03-04T00:00:00Z", "advisory" : "RHSA-2026:3713", "cpe" : "cpe:/a:redhat:openshift_ai:3.3::el9", "package" : "rhoai/odh-workbench-jupyter-tensorflow-cuda-py312-rhel9:sha256:118431b70712622eebc503820f1fbefea0f0b1932f12f20f2f05330025b353ce" }, { "product_name" : "Red Hat OpenShift AI 3.3", "release_date" : "2026-03-04T00:00:00Z", "advisory" : "RHSA-2026:3713", "cpe" : "cpe:/a:redhat:openshift_ai:3.3::el9", "package" : "rhoai/odh-workbench-jupyter-tensorflow-rocm-py312-rhel9:sha256:fcfb4db43f18461159c3523a989178e34c190f1109f38af0f215017904bdaac8" }, { "product_name" : "Red Hat OpenShift AI 3.3", "release_date" : "2026-03-04T00:00:00Z", "advisory" : "RHSA-2026:3713", "cpe" : "cpe:/a:redhat:openshift_ai:3.3::el9", "package" : "rhoai/odh-workbench-jupyter-trustyai-cpu-py312-rhel9:sha256:21ce8b1d704b14c4d0c68fb2cd8db48d9e22e636a060fedc221f00980333de0a" }, { "product_name" : "Red Hat OpenShift Container Platform 4.17", "release_date" : "2026-02-18T00:00:00Z", "advisory" : "RHSA-2026:2672", "cpe" : "cpe:/a:redhat:openshift:4.17::el9", "package" : "openshift4/ose-monitoring-plugin-rhel9:sha256:0733954da51d76f0c830fded03f5249eccdda4ccecd246dc60fb833ce3483b95" }, { "product_name" : "Red Hat OpenShift Container Platform 4.18", "release_date" : "2026-02-11T00:00:00Z", "advisory" : "RHSA-2026:2078", "cpe" : "cpe:/a:redhat:openshift:4.18::el9", "package" : "openshift4/ose-monitoring-plugin-rhel9:sha256:14ab16d0cfd8edaa851daf8c75edfd47296a05b1b24ecd904aa7ad879832e036" }, { "product_name" : "Red Hat OpenShift Container Platform 4.19", "release_date" : "2026-02-04T00:00:00Z", "advisory" : "RHSA-2026:1552", "cpe" : "cpe:/a:redhat:openshift:4.19::el9", "package" : "openshift4/ose-monitoring-plugin-rhel9:sha256:2b092b348964e17cb17a78672361189c3b81e1aa833614daface062c89601cd2" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2026-01-27T00:00:00Z", "advisory" : "RHSA-2026:1000", "cpe" : "cpe:/a:redhat:openshift:4.20::el9", "package" : "openshift4/ose-monitoring-plugin-rhel9:sha256:4c35e5d75482b58c8ef656f864a37a5426533737cc155869ae8f8f4812c0daaa" }, { "product_name" : "Red Hat OpenShift Container Platform 4.21", "release_date" : "2026-02-10T00:00:00Z", "advisory" : "RHSA-2026:2129", "cpe" : "cpe:/a:redhat:openshift:4.21::el9", "package" : "openshift4/ose-monitoring-plugin-rhel9:sha256:09ad41d3ddb9aba6d649812d1e48433f5778b1cd9d5e0e1466b34e6516b864e1" }, { "product_name" : "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26", "release_date" : "2026-02-10T00:00:00Z", "advisory" : "RHSA-2026:2456", "cpe" : "cpe:/a:redhat:openshift_devspaces:3.26::el9", "package" : "devspaces/code-rhel9:sha256:60a1c1cf2a755e24203ae76e37c3e1c08f97ae8a1905df3538b31f7d9b543f0f" }, { "product_name" : "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26", "release_date" : "2026-02-10T00:00:00Z", "advisory" : "RHSA-2026:2456", "cpe" : "cpe:/a:redhat:openshift_devspaces:3.26::el9", "package" : "devspaces/dashboard-rhel9:sha256:65b57a43496e012535680c5f6758bf4e482f0496619c1502b50cb4852723088e" }, { "product_name" : "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26", "release_date" : "2026-02-10T00:00:00Z", "advisory" : "RHSA-2026:2456", "cpe" : "cpe:/a:redhat:openshift_devspaces:3.26::el9", "package" : "devspaces/openvsx-rhel9:sha256:024f64869d4813d8b0938f8cad9a0bf4e4e924a5082ac2ee3ea0bc6ba51edfe5" }, { "product_name" : "Red Hat OpenShift Dev Spaces (RHOSDS) 3.26", "release_date" : "2026-02-10T00:00:00Z", "advisory" : "RHSA-2026:2456", "cpe" : "cpe:/a:redhat:openshift_devspaces:3.26::el9", "package" : "devspaces/pluginregistry-rhel9:sha256:4c5121d8f31d840f55e575bf266f2ca179a81f05dd49fbd63a4ee7e3f8a97001" }, { "product_name" : "Red Hat OpenShift Pipelines 1.15", "release_date" : "2026-03-04T00:00:00Z", "advisory" : "RHSA-2026:3710", "cpe" : "cpe:/a:redhat:openshift_pipelines:1.15::el8", "package" : "openshift-pipelines/pipelines-console-plugin-rhel8:sha256:494857108f0b09c8b8985062cc11b9879d126b207fcd72f6abb64ded3d8d1793" }, { "product_name" : "Red Hat OpenShift Pipelines 1.15", "release_date" : "2026-03-04T00:00:00Z", "advisory" : "RHSA-2026:3710", "cpe" : "cpe:/a:redhat:openshift_pipelines:1.15::el8", "package" : "openshift-pipelines/pipelines-hub-ui-rhel8:sha256:0dee713a14ab49d93b52b280d4ca3c6fc1c5f604087c81b755a6715330c91ea7" }, { "product_name" : "Red Hat OpenShift Pipelines 1.15", "release_date" : "2026-03-04T00:00:00Z", "advisory" : "RHSA-2026:3712", "cpe" : "cpe:/a:redhat:openshift_pipelines:1.15::el8", "package" : "openshift-pipelines/pipelines-console-plugin-rhel8:sha256:494857108f0b09c8b8985062cc11b9879d126b207fcd72f6abb64ded3d8d1793" }, { "product_name" : "Red Hat OpenShift Pipelines 1.15", "release_date" : "2026-03-04T00:00:00Z", "advisory" : "RHSA-2026:3712", "cpe" : "cpe:/a:redhat:openshift_pipelines:1.15::el8", "package" : "openshift-pipelines/pipelines-hub-ui-rhel8:sha256:0dee713a14ab49d93b52b280d4ca3c6fc1c5f604087c81b755a6715330c91ea7" }, { "product_name" : "Red Hat OpenShift Pipelines 1.2", "release_date" : "2026-03-05T00:00:00Z", "advisory" : "RHSA-2026:3825", "cpe" : "cpe:/a:redhat:openshift_pipelines:1.20::el9", "package" : "openshift-pipelines/pipelines-console-plugin-rhel9:sha256:120d93e1cf2a96bfa9d7745b88377651055ebe5595f68b7b4a4bb26f633e8611" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.6", "release_date" : "2026-02-05T00:00:00Z", "advisory" : "RHSA-2026:2145", "cpe" : "cpe:/a:redhat:service_mesh:2.6::el8", "package" : "openshift-service-mesh/kiali-ossmc-rhel8:sha256:4e910b08863756516707f2ad8198c04dc6d706c78f481561a3b2e896800d4dbe" }, { "product_name" : "Red Hat OpenShift Service Mesh 2.6", "release_date" : "2026-02-05T00:00:00Z", "advisory" : "RHSA-2026:2145", "cpe" : "cpe:/a:redhat:service_mesh:2.6::el8", "package" : "openshift-service-mesh/kiali-rhel8:sha256:ad1449f9047107c23d5b0e53c3ca148a12a9729dd7aa474c5eadb55870f314fa" }, { "product_name" : "Red Hat OpenShift Service Mesh 3", "release_date" : "2026-02-05T00:00:00Z", "advisory" : "RHSA-2026:2147", "cpe" : "cpe:/a:redhat:service_mesh:3.0::el9", "package" : "openshift-service-mesh/kiali-ossmc-rhel9:sha256:19c44dfb277123122abafc25552fe408ea7ad6dc026aa592f53e3a754ca0a44f" }, { "product_name" : "Red Hat OpenShift Service Mesh 3", "release_date" : "2026-02-05T00:00:00Z", "advisory" : "RHSA-2026:2147", "cpe" : "cpe:/a:redhat:service_mesh:3.0::el9", "package" : "openshift-service-mesh/kiali-rhel9:sha256:527fd434b3b1f9b9304adbedd89a593ca347a84571a68c7935afe6aa207db49f" }, { "product_name" : "Red Hat OpenShift Service Mesh 3.1", "release_date" : "2026-02-05T00:00:00Z", "advisory" : "RHSA-2026:2148", "cpe" : "cpe:/a:redhat:service_mesh:3.1::el9", "package" : "openshift-service-mesh/kiali-ossmc-rhel9:sha256:82e36c47f867ced806082b44fe357e70b07c72c4258c16af5a14f56fc040b534" }, { "product_name" : "Red Hat OpenShift Service Mesh 3.1", "release_date" : "2026-02-05T00:00:00Z", "advisory" : "RHSA-2026:2148", "cpe" : "cpe:/a:redhat:service_mesh:3.1::el9", "package" : "openshift-service-mesh/kiali-rhel9:sha256:2cdf4960ec57c4971d2f9ce92b07686831e6f55e24c9b1a2831470f8da05b598" }, { "product_name" : "Red Hat OpenShift Service Mesh 3.2", "release_date" : "2026-02-05T00:00:00Z", "advisory" : "RHSA-2026:2149", "cpe" : "cpe:/a:redhat:service_mesh:3.2::el9", "package" : "openshift-service-mesh/kiali-ossmc-rhel9:sha256:700c2524c0def53bf8e5f7832c27496a3e9ff5c9d939d38c59a7fae167418e16" }, { "product_name" : "Red Hat OpenShift Service Mesh 3.2", "release_date" : "2026-02-05T00:00:00Z", "advisory" : "RHSA-2026:2149", "cpe" : "cpe:/a:redhat:service_mesh:3.2::el9", "package" : "openshift-service-mesh/kiali-rhel9:sha256:a97c82b48b920f1d3843d08dbe55d3759b237365e2b97501a640a1c0bd08d5ca" }, { "product_name" : "Red Hat Quay 3.1", "release_date" : "2026-02-16T00:00:00Z", "advisory" : "RHSA-2026:2762", "cpe" : "cpe:/a:redhat:quay:3.10::el8", "package" : "quay/quay-rhel8:sha256:5cf58b1f54219b67c725f4a5066d9e757e7b5ece39d5de1a474a8be6a3490401" }, { "product_name" : "Red Hat Quay 3.12", "release_date" : "2026-02-02T00:00:00Z", "advisory" : "RHSA-2026:1730", "cpe" : "cpe:/a:redhat:quay:3.12::el8", "package" : "quay/quay-rhel8:sha256:03a485b1c02f5155f22c7820c166889b3f7d7b479892bb4d106432fa2dbf217b" }, { "product_name" : "Red Hat Quay 3.13", "release_date" : "2026-03-10T00:00:00Z", "advisory" : "RHSA-2026:4185", "cpe" : "cpe:/a:redhat:quay:3.13::el8", "package" : "quay/quay-rhel8:sha256:1403699a49e9fa2e04fab27f28de244b6e3e631877eb6eddb55b676d3ec44587" }, { "product_name" : "Red Hat Quay 3.14", "release_date" : "2026-03-10T00:00:00Z", "advisory" : "RHSA-2026:4215", "cpe" : "cpe:/a:redhat:quay:3.14::el8", "package" : "quay/quay-rhel8:sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899" }, { "product_name" : "Red Hat Quay 3.15", "release_date" : "2026-02-04T00:00:00Z", "advisory" : "RHSA-2026:1942", "cpe" : "cpe:/a:redhat:quay:3.15::el8", "package" : "quay/quay-rhel8:sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f" }, { "product_name" : "Red Hat Quay 3.16", "release_date" : "2026-02-12T00:00:00Z", "advisory" : "RHSA-2026:2681", "cpe" : "cpe:/a:redhat:quay:3.16::el9", "package" : "quay/quay-rhel9:sha256:35e3dc29e64bae8c0b35d7884281397c58165a5b145676919452a02b9f56ee4c" } ], "package_state" : [ { "product_name" : "Cryostat 4", "fix_state" : "Not affected", "package_name" : "io.cryostat-cryostat", "cpe" : "cpe:/a:redhat:cryostat:4" }, { "product_name" : "Gatekeeper 3", "fix_state" : "Not affected", "package_name" : "gatekeeper/gatekeeper-rhel9", "cpe" : "cpe:/a:redhat:gatekeeper:3" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Will not fix", "package_name" : "openshift-logging/cluster-logging-operator-bundle", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Will not fix", "package_name" : "openshift-logging/cluster-logging-rhel9-operator", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Will not fix", "package_name" : "openshift-logging/elasticsearch6-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Will not fix", "package_name" : "openshift-logging/elasticsearch-operator-bundle", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Will not fix", "package_name" : "openshift-logging/elasticsearch-proxy-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Will not fix", "package_name" : "openshift-logging/elasticsearch-rhel9-operator", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Will not fix", "package_name" : "openshift-logging/eventrouter-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Will not fix", "package_name" : "openshift-logging/fluentd-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Will not fix", "package_name" : "openshift-logging/kibana6-rhel8", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Will not fix", "package_name" : "openshift-logging/log-file-metric-exporter-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Will not fix", "package_name" : "openshift-logging/logging-curator5-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Will not fix", "package_name" : "openshift-logging/logging-view-plugin-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Will not fix", "package_name" : "openshift-logging/vector-rhel9", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "openshift-logging/cluster-logging-operator-bundle", "cpe" : "cpe:/a:redhat:logging:6" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "openshift-logging/cluster-logging-rhel9-operator", "cpe" : "cpe:/a:redhat:logging:6" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "openshift-logging/eventrouter-rhel9", "cpe" : "cpe:/a:redhat:logging:6" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "openshift-logging/log-file-metric-exporter-rhel9", "cpe" : "cpe:/a:redhat:logging:6" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Not affected", "package_name" : "openshift-logging/vector-rhel9", "cpe" : "cpe:/a:redhat:logging:6" }, { "product_name" : "Migration Toolkit for Applications 7", "fix_state" : "Affected", "package_name" : "mta/mta-ui-rhel9", "cpe" : "cpe:/a:redhat:migration_toolkit_applications:7" }, { "product_name" : "Migration Toolkit for Applications 8", "fix_state" : "Affected", "package_name" : "mta/mta-ui-rhel9", "cpe" : "cpe:/a:redhat:migration_toolkit_applications:8" }, { "product_name" : "Migration Toolkit for Containers", "fix_state" : "Affected", "package_name" : "rhmtc/openshift-migration-ui-rhel8", "cpe" : "cpe:/a:redhat:rhmt:1" }, { "product_name" : "Migration Toolkit for Virtualization", "fix_state" : "Affected", "package_name" : "migration-toolkit-virtualization/mtv-console-plugin-rhel9", "cpe" : "cpe:/a:redhat:migration_toolkit_virtualization:2" }, { "product_name" : "Migration Toolkit for Virtualization", "fix_state" : "Will not fix", "package_name" : "mtv-candidate/mtv-console-plugin-rhel9", "cpe" : "cpe:/a:redhat:migration_toolkit_virtualization:2" }, { "product_name" : "Multicluster Engine for Kubernetes", "fix_state" : "Not affected", "package_name" : "multicluster-engine/console-mce-rhel9", "cpe" : "cpe:/a:redhat:multicluster_engine" }, { "product_name" : "Node HealthCheck Operator", "fix_state" : "Not affected", "package_name" : "workload-availability/node-healthcheck-must-gather-rhel9", "cpe" : "cpe:/a:redhat:workload_availability_nhc:0" }, { "product_name" : "Node HealthCheck Operator", "fix_state" : "Not affected", "package_name" : "workload-availability/node-healthcheck-operator-bundle", "cpe" : "cpe:/a:redhat:workload_availability_nhc:0" }, { "product_name" : "Node HealthCheck Operator", "fix_state" : "Not affected", "package_name" : "workload-availability/node-healthcheck-rhel9-operator", "cpe" : "cpe:/a:redhat:workload_availability_nhc:0" }, { "product_name" : "Node HealthCheck Operator", "fix_state" : "Will not fix", "package_name" : "workload-availability/node-remediation-console-rhel8", "cpe" : "cpe:/a:redhat:workload_availability_nhc:0" }, { "product_name" : "Node HealthCheck Operator", "fix_state" : "Not affected", "package_name" : "workload-availability/node-remediation-console-rhel9", "cpe" : "cpe:/a:redhat:workload_availability_nhc:0" }, { "product_name" : "OpenShift Lightspeed", "fix_state" : "Affected", "package_name" : "openshift-lightspeed/lightspeed-console-plugin-pf5-rhel9", "cpe" : "cpe:/a:redhat:openshift_lightspeed" }, { "product_name" : "OpenShift Lightspeed", "fix_state" : "Affected", "package_name" : "openshift-lightspeed/lightspeed-console-plugin-rhel9", "cpe" : "cpe:/a:redhat:openshift_lightspeed" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Affected", "package_name" : "openshift-pipelines/pipelines-hub-api-rhel8", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Will not fix", "package_name" : "openshift-pipelines/pipelines-hub-api-rhel9", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Affected", "package_name" : "openshift-pipelines/pipelines-hub-db-migration-rhel8", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Will not fix", "package_name" : "openshift-pipelines/pipelines-hub-db-migration-rhel9", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Will not fix", "package_name" : "openshift-pipelines/pipelines-hub-ui-rhel9", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Will not fix", "package_name" : "openshift-serverless-1/kn-eventing-integrations-aws-ddb-streams-source-rhel9", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Will not fix", "package_name" : "openshift-serverless-1/kn-eventing-integrations-aws-s3-sink-rhel9", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Will not fix", "package_name" : "openshift-serverless-1/kn-eventing-integrations-aws-s3-source-rhel9", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Will not fix", "package_name" : "openshift-serverless-1/kn-eventing-integrations-aws-sns-sink-rhel9", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Will not fix", "package_name" : "openshift-serverless-1/kn-eventing-integrations-aws-sqs-sink-rhel9", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Will not fix", "package_name" : "openshift-serverless-1/kn-eventing-integrations-aws-sqs-source-rhel9", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Will not fix", "package_name" : "openshift-serverless-1/kn-eventing-integrations-log-sink-rhel9", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Will not fix", "package_name" : "openshift-serverless-1/kn-eventing-integrations-timer-source-rhel9", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Affected", "package_name" : "openshift-serverless-1/kn-eventing-integrations-transform-jsonata-rhel9", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Not affected", "package_name" : "openshift-service-mesh-dev-preview-beta/istio-ztunnel-rhel9", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Not affected", "package_name" : "openshift-service-mesh/istio-cni-rhel9", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Not affected", "package_name" : "openshift-service-mesh/istio-must-gather-rhel9", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Not affected", "package_name" : "openshift-service-mesh/istio-pilot-rhel9", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Not affected", "package_name" : "openshift-service-mesh/istio-proxyv2-rhel9", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Not affected", "package_name" : "openshift-service-mesh/istio-rhel9-operator", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Not affected", "package_name" : "openshift-service-mesh/istio-sail-operator-bundle", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Not affected", "package_name" : "openshift-service-mesh/istio-ztunnel-rhel9", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Not affected", "package_name" : "openshift-service-mesh/kiali-operator-bundle", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Not affected", "package_name" : "openshift-service-mesh/kiali-rhel9-operator", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Not affected", "package_name" : "openshift-service-mesh-tech-preview/istio-ztunnel-rhel9", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Affected", "package_name" : "3scale-amp21/system", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Affected", "package_name" : "3scale-amp22/system", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Affected", "package_name" : "3scale-amp24/system", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Affected", "package_name" : "3scale-amp25/system", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Affected", "package_name" : "3scale-amp26/system", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Affected", "package_name" : "3scale-amp2/system-rhel7", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Will not fix", "package_name" : "3scale-amp2/system-rhel8", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat 3scale API Management Platform 2", "fix_state" : "Will not fix", "package_name" : "3scale-amp2/system-rhel9", "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Affected", "package_name" : "rhacm2/acm-grafana-rhel9", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/console-rhel9", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/volsync-operator-bundle", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/volsync-rhel9", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-central-db-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-collector-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Will not fix", "package_name" : "advanced-cluster-security/rhacs-operator-bundle", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Will not fix", "package_name" : "advanced-cluster-security/rhacs-rhel8-operator", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Will not fix", "package_name" : "advanced-cluster-security/rhacs-roxctl-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Will not fix", "package_name" : "advanced-cluster-security/rhacs-scanner-v4-db-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Will not fix", "package_name" : "advanced-cluster-security/rhacs-scanner-v4-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat AMQ Broker 7", "fix_state" : "Not affected", "package_name" : "org.jolokia-jolokia-parent", "cpe" : "cpe:/a:redhat:amq_broker:7" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Will not fix", "package_name" : "ansible-automation-platform-24/lightspeed-rhel8", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-25/lightspeed-rhel8", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "ansible-automation-platform-26/lightspeed-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat build of Apache Camel - HawtIO 4", "fix_state" : "Not affected", "package_name" : "io.hawt-project", "cpe" : "cpe:/a:redhat:apache_camel_hawtio:4" }, { "product_name" : "Red Hat build of Apicurio Registry 2", "fix_state" : "Affected", "package_name" : "io.apicurio-apicurio-registry", "cpe" : "cpe:/a:redhat:service_registry:2" }, { "product_name" : "Red Hat build of OptaPlanner 8", "fix_state" : "Will not fix", "package_name" : "org.optaweb.vehiclerouting-optaweb-vehicle-routing", "cpe" : "cpe:/a:redhat:optaplanner:::el6" }, { "product_name" : "Red Hat Ceph Storage 8", "fix_state" : "Affected", "package_name" : "rhceph/grafana-rhel9", "cpe" : "cpe:/a:redhat:ceph_storage:8" }, { "product_name" : "Red Hat Connectivity Link 1", "fix_state" : "Affected", "package_name" : "rhcl-1/rhcl-console-plugin-rhel9", "cpe" : "cpe:/a:redhat:connectivity_link:1" }, { "product_name" : "Red Hat Data Grid 8", "fix_state" : "Affected", "package_name" : "org.infinispan-infinispan-console", "cpe" : "cpe:/a:redhat:jboss_data_grid:8" }, { "product_name" : "Red Hat Edge Manager preview", "fix_state" : "Affected", "package_name" : "rhem/flightctl-ui-ocp-rhel9", "cpe" : "cpe:/a:redhat:edge_manager:0" }, { "product_name" : "Red Hat Edge Manager preview", "fix_state" : "Affected", "package_name" : "rhem/flightctl-ui-rhel9", "cpe" : "cpe:/a:redhat:edge_manager:0" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "firefox", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "gjs", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Affected", "package_name" : "linux-sgx", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "thunderbird", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "firefox", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "firefox", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "grafana", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "mozjs60", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "pcs", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "thunderbird", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "firefox", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "gjs", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "grafana", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "linux-sgx", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "pcs", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "polkit", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "thunderbird", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3", "fix_state" : "Affected", "package_name" : "rhelai3/bootc-cuda-rhel9", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3", "fix_state" : "Affected", "package_name" : "rhelai3/disk-image-cuda-rhel9", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3" }, { "product_name" : "Red Hat Fuse 7", "fix_state" : "Will not fix", "package_name" : "io.apicurio-apicurito", "cpe" : "cpe:/a:redhat:jboss_fuse:7" }, { "product_name" : "Red Hat Fuse 7", "fix_state" : "Not affected", "package_name" : "io.hawt-hawtio-integration", "cpe" : "cpe:/a:redhat:jboss_fuse:7" }, { "product_name" : "Red Hat Fuse 7", "fix_state" : "Will not fix", "package_name" : "io.hawt-hawtio-online", "cpe" : "cpe:/a:redhat:jboss_fuse:7" }, { "product_name" : "Red Hat Fuse 7", "fix_state" : "Will not fix", "package_name" : "io.hawt-project", "cpe" : "cpe:/a:redhat:jboss_fuse:7" }, { "product_name" : "Red Hat Fuse 7", "fix_state" : "Will not fix", "package_name" : "io.syndesis-syndesis-parent", "cpe" : "cpe:/a:redhat:jboss_fuse:7" }, { "product_name" : "Red Hat Fuse 7", "fix_state" : "Not affected", "package_name" : "io.syndesis-syndesis-ui", "cpe" : "cpe:/a:redhat:jboss_fuse:7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7", "fix_state" : "Not affected", "package_name" : "io.hawt-project", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7", "fix_state" : "Not affected", "package_name" : "org.jboss.hal-hal-parent", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8", "fix_state" : "Not affected", "package_name" : "io.hawt-project", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8", "fix_state" : "Not affected", "package_name" : "io.smallrye-smallrye-open-api-parent", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8", "fix_state" : "Not affected", "package_name" : "org.keycloak-keycloak-parent", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform Expansion Pack", "fix_state" : "Not affected", "package_name" : "io.hawt-project", "cpe" : "cpe:/a:redhat:jbosseapxp" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform Expansion Pack", "fix_state" : "Not affected", "package_name" : "io.smallrye-smallrye-open-api-parent", "cpe" : "cpe:/a:redhat:jbosseapxp" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform Expansion Pack", "fix_state" : "Not affected", "package_name" : "org.keycloak-keycloak-parent", "cpe" : "cpe:/a:redhat:jbosseapxp" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-dashboard-rhel8", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-dashboard-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "rhoai/odh-data-science-pipelines-argo-argoexec-rhel8", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "rhoai/odh-kf-notebook-controller-rhel8", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-mod-arch-gen-ai-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Affected", "package_name" : "rhoai/odh-mod-arch-model-registry-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "rhoai/odh-notebook-controller-rhel8", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/nmstate-console-plugin-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-agent-installer-ui-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-console", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-console-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Affected", "package_name" : "openshift4/ose-networking-console-plugin-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Affected", "package_name" : "odf4/mcg-core-rhel9", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Affected", "package_name" : "odf4/ocs-client-console-rhel9", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Affected", "package_name" : "odf4/odf-console-rhel9", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat Openshift Data Foundation 4", "fix_state" : "Not affected", "package_name" : "odf4/odf-multicluster-console-rhel9", "cpe" : "cpe:/a:redhat:openshift_data_foundation:4" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Not affected", "package_name" : "devspaces/code-sshd-rhel9", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Not affected", "package_name" : "devspaces/devspaces-operator-bundle", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Will not fix", "package_name" : "devspaces-tech-preview/idea-rhel9", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Not affected", "package_name" : "devspaces/traefik-rhel9", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift distributed tracing 3", "fix_state" : "Not affected", "package_name" : "rhosdt/tempo-jaeger-query-rhel8", "cpe" : "cpe:/a:redhat:openshift_distributed_tracing:3" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Not affected", "package_name" : "openshift-gitops-1/argocd-agent-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Will not fix", "package_name" : "openshift-gitops-1/argocd-extensions-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Will not fix", "package_name" : "openshift-gitops-1/argocd-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Will not fix", "package_name" : "openshift-gitops-1/argocd-rhel9", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Will not fix", "package_name" : "openshift-gitops-1/argo-rollouts-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Will not fix", "package_name" : "openshift-gitops-1/console-plugin-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Will not fix", "package_name" : "openshift-gitops-1/dex-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Will not fix", "package_name" : "openshift-gitops-1/gitops-operator-bundle", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Will not fix", "package_name" : "openshift-gitops-1/gitops-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Will not fix", "package_name" : "openshift-gitops-1/gitops-rhel8-operator", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Will not fix", "package_name" : "openshift-gitops-1/must-gather-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat Process Automation 7", "fix_state" : "Not affected", "package_name" : "org.kie-process-migration-service", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "product_name" : "Red Hat Process Automation 7", "fix_state" : "Not affected", "package_name" : "org.kie.workbench-kie-wb-common", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "product_name" : "Red Hat Process Automation 7", "fix_state" : "Not affected", "package_name" : "org.uberfire-uberfire-parent", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Affected", "package_name" : "satellite/iop-advisor-frontend-rhel9", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Affected", "package_name" : "satellite/iop-host-inventory-frontend-rhel9", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Affected", "package_name" : "satellite/iop-remediations-rhel9", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Affected", "package_name" : "satellite/iop-vulnerability-frontend-rhel9", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Trusted Artifact Signer", "fix_state" : "Not affected", "package_name" : "rhtas/createtree-rhel9", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1" }, { "product_name" : "Red Hat Trusted Artifact Signer", "fix_state" : "Not affected", "package_name" : "rhtas/trillian-database-rhel9", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1" }, { "product_name" : "Red Hat Trusted Artifact Signer", "fix_state" : "Not affected", "package_name" : "rhtas/trillian-logserver-rhel9", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1" }, { "product_name" : "Red Hat Trusted Artifact Signer", "fix_state" : "Not affected", "package_name" : "rhtas/trillian-logsigner-rhel9", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1" }, { "product_name" : "Red Hat Trusted Artifact Signer", "fix_state" : "Not affected", "package_name" : "rhtas/trillian-redis-rhel9", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1" }, { "product_name" : "Red Hat Trusted Artifact Signer", "fix_state" : "Not affected", "package_name" : "rhtas/updatetree-rhel9", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1" }, { "product_name" : "Red Hat Trusted Profile Analyzer", "fix_state" : "Not affected", "package_name" : "rhtpa/rhtpa-trustification-service-rhel9", "cpe" : "cpe:/a:redhat:trusted_profile_analyzer:1" }, { "product_name" : "streams for Apache Kafka 2", "fix_state" : "Affected", "package_name" : "com.github.streamshub-console", "cpe" : "cpe:/a:redhat:amq_streams:2" }, { "product_name" : "streams for Apache Kafka 3", "fix_state" : "Affected", "package_name" : "com.github.streamshub-console", "cpe" : "cpe:/a:redhat:amq_streams:3" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-15284\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-15284\nhttps://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9\nhttps://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p" ], "name" : "CVE-2025-15284", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.", "lang" : "en:us" }, "csaw" : false }