{ "threat_severity" : "Moderate", "public_date" : "2025-09-12T01:16:40Z", "bugzilla" : { "description" : "axios: Axios DoS via lack of data size check", "id" : "2394735", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2394735" }, "cvss3" : { "cvss3_base_score" : "5.3", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status" : "verified" }, "cwe" : "CWE-770", "details" : [ "Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response. This path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested `responseType: 'stream'`. Versions 0.30.2 and 1.12.0 contain a patch for the issue.", "A denial of service flaw has been discovered in the Axios npm package. When Axios runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response.\nThis path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested responseType: 'stream'." ], "statement" : "Availability impact is limited to the application which bundles axios and not the host Red Hat system.", "affected_release" : [ { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "ansible-builder-0:3.1.1-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "ansible-creator-0:25.12.0-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "ansible-dev-environment-0:25.12.2-1.1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "ansible-dev-tools-0:25.12.0-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "ansible-lint-0:25.12.0-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "ansible-navigator-0:25.12.0-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "ansible-sign-0:0.1.4-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "automation-gateway-0:2.5.20251210-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "automation-hub-0:4.10.10-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "bindep-0:2.13.0-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "molecule-0:25.12.0-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "python3.11-ansible-compat-0:25.12.0-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "python3.11-distlib-0:0.4.0-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "python3.11-django-0:4.2.26-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "python3.11-execnet-0:2.1.2-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "python3.11-galaxy-importer-0:0.4.36-2.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "python3.11-galaxy-ng-0:4.10.10-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "python3.11-gunicorn-0:23.0.0-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "python3.11-pluggy-0:1.6.0-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "python3.11-pytest-0:9.0.1-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "python3.11-pytest-ansible-0:25.12.0-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "python3.11-pytest-xdist-0:3.8.0-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "python3.11-ruamel-yaml-clib-0:0.2.15-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "python3.11-subprocess-tee-0:0.4.2-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "python3.11-tox-ansible-0:25.12.0-1.2.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 8", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "python3.11-typing-extensions-0:4.15.0-1.el8ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "ansible-builder-0:3.1.1-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "ansible-creator-0:25.12.0-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "ansible-dev-environment-0:25.12.2-1.1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "ansible-dev-tools-0:25.12.0-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "ansible-lint-0:25.12.0-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "ansible-navigator-0:25.12.0-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "ansible-sign-0:0.1.4-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "automation-gateway-0:2.5.20251210-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "automation-hub-0:4.10.10-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "bindep-0:2.13.0-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "molecule-0:25.12.0-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "python3.11-ansible-compat-0:25.12.0-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "python3.11-distlib-0:0.4.0-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "python3.11-django-0:4.2.26-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "python3.11-execnet-0:2.1.2-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "python3.11-galaxy-importer-0:0.4.36-2.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "python3.11-galaxy-ng-0:4.10.10-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "python3.11-gunicorn-0:23.0.0-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "python3.11-pluggy-0:1.6.0-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "python3.11-pytest-0:9.0.1-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "python3.11-pytest-ansible-0:25.12.0-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "python3.11-pytest-xdist-0:3.8.0-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "python3.11-ruamel-yaml-clib-0:0.2.15-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "python3.11-subprocess-tee-0:0.4.2-1.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "python3.11-tox-ansible-0:25.12.0-1.2.el9ap" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5 for RHEL 9", "release_date" : "2025-12-10T00:00:00Z", "advisory" : "RHSA-2025:23069", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el9", "package" : "python3.11-typing-extensions-0:4.15.0-1.el9ap" }, { "product_name" : "Multicluster Global Hub 1.6.2", "release_date" : "2026-03-31T00:00:00Z", "advisory" : "RHSA-2026:6226", "cpe" : "cpe:/a:redhat:multicluster_globalhub:1.6::el9", "package" : "multicluster-globalhub/multicluster-globalhub-grafana-rhel9:sha256:035d205705b2efd62713bea9d05cffdc5db7a437f050c4a3e3f12746b05c29d4" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12", "release_date" : "2025-11-10T00:00:00Z", "advisory" : "RHSA-2025:19961", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "rhacm2/acm-grafana-rhel9:sha256:987874f9b19ea441d376b526c5f09893f1ef639d74708e2beda820d4bcbe90b0" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12", "release_date" : "2025-12-03T00:00:00Z", "advisory" : "RHSA-2025:22684", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "rhacm2/acm-grafana-rhel9:sha256:987874f9b19ea441d376b526c5f09893f1ef639d74708e2beda820d4bcbe90b0" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.13", "release_date" : "2026-01-14T00:00:00Z", "advisory" : "RHSA-2026:0627", "cpe" : "cpe:/a:redhat:acm:2.13::el9", "package" : "rhacm2/acm-grafana-rhel9:sha256:23ee5821994d30b1baeea676d33779059e69ea27b25a776aebc91cc05e7088ea" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.13", "release_date" : "2026-01-15T00:00:00Z", "advisory" : "RHSA-2026:0718", "cpe" : "cpe:/a:redhat:acm:2.13::el9", "package" : "rhacm2/acm-grafana-rhel9:sha256:23ee5821994d30b1baeea676d33779059e69ea27b25a776aebc91cc05e7088ea" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.14", "release_date" : "2025-10-30T00:00:00Z", "advisory" : "RHSA-2025:19335", "cpe" : "cpe:/a:redhat:acm:2.14::el9", "package" : "rhacm2/acm-grafana-rhel9:sha256:0ee74288b19b217b917a4719d08bd1ddead9fdc90bac9f9868b8d721e12a8576" }, { "product_name" : "Red Hat Advanced Cluster Security 4.7", "release_date" : "2025-11-05T00:00:00Z", "advisory" : "RHSA-2025:19804", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.7::el8", "package" : "advanced-cluster-security/rhacs-main-rhel8:sha256:0e787e8f7c0f28443b82130fc6099181182202cd8c18666ed0a810ae60ab486d" }, { "product_name" : "Red Hat Advanced Cluster Security 4.8", "release_date" : "2025-10-30T00:00:00Z", "advisory" : "RHSA-2025:19375", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4.8::el8", "package" : "advanced-cluster-security/rhacs-main-rhel8:sha256:1388c6c101de755b40ab7104def78cefaa3143c0808dc0309448ea4deeb11047" }, { "product_name" : "Red Hat Ansible Automation Platform 2.5", "release_date" : "2025-12-11T00:00:00Z", "advisory" : "RHSA-2025:23131", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.5::el8", "package" : "ansible-automation-platform-25/gateway-rhel8:sha256:1873ff17834c924950fc5055c75b8aa99d430cf41ade6f67ff54e31bd243493e" }, { "product_name" : "Red Hat Ansible Automation Platform 2.6", "release_date" : "2025-10-28T00:00:00Z", "advisory" : "RHSA-2025:19221", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2.6::el9", "package" : "ansible-automation-platform-26/gateway-rhel9:sha256:3dce912c04e50532020ef82da326f495f9a191a834c393081d6b3d2a9247f986" }, { "product_name" : "Red Hat Developer Hub 1.6", "release_date" : "2025-09-25T00:00:00Z", "advisory" : "RHSA-2025:16747", "cpe" : "cpe:/a:redhat:rhdh:1.6::el9", "package" : "rhdh/rhdh-hub-rhel9:sha256:7498105e03c741dd2ac9c39ad4ff9f22c4fee7dd40b2fd9c599996a7e67b3562" }, { "product_name" : "Red Hat Developer Hub 1.7", "release_date" : "2025-11-03T00:00:00Z", "advisory" : "RHSA-2025:19529", "cpe" : "cpe:/a:redhat:rhdh:1.7::el9", "package" : "rhdh/rhdh-hub-rhel9:sha256:385d0b730e3f14f6878221d817b58d31da560c2edc52235b74bbbd8324b29389" }, { "product_name" : "Red Hat OpenShift AI 2.22", "release_date" : "2025-12-04T00:00:00Z", "advisory" : "RHSA-2025:22759", "cpe" : "cpe:/a:redhat:openshift_ai:2.22::el9", "package" : "rhoai/odh-dashboard-rhel9:sha256:3f8491f3004efaaf8a508cc7ad139dafae667a3c2f3e31736ade9997e4eb789b" }, { "product_name" : "Red Hat OpenShift GitOps 1.17", "release_date" : "2026-01-22T00:00:00Z", "advisory" : "RHSA-2026:1018", "cpe" : "cpe:/a:redhat:openshift_gitops:1.17::el8", "package" : "openshift-gitops-1/argocd-extensions-rhel8:sha256:221e413f5a21ae4a8eb3a92c88a0f901980fb022f43c5c9dd0b618cb8d94f12f" }, { "product_name" : "Red Hat OpenShift Service Mesh 3.1", "release_date" : "2025-10-16T00:00:00Z", "advisory" : "RHSA-2025:18252", "cpe" : "cpe:/a:redhat:service_mesh:3.1::el9", "package" : "openshift-service-mesh/kiali-ossmc-rhel9:sha256:10c0ed3900fe219c33c017e9e556d76fd9d3349f3ec1d4d2858786a29ff48ba7" }, { "product_name" : "Red Hat OpenShift Service Mesh 3.1", "release_date" : "2025-10-16T00:00:00Z", "advisory" : "RHSA-2025:18252", "cpe" : "cpe:/a:redhat:service_mesh:3.1::el9", "package" : "openshift-service-mesh/kiali-rhel9:sha256:22c837daffe03e76ca74c79d876aa0b4b638e8e5d94fe809a62642c2e322b192" }, { "product_name" : "Red Hat Quay 3.14", "release_date" : "2026-03-10T00:00:00Z", "advisory" : "RHSA-2026:4215", "cpe" : "cpe:/a:redhat:quay:3.14::el8", "package" : "quay/quay-rhel8:sha256:05cc4b4410de27e32897492effb21362d8c1bc8cc56e9408fc9a19f9f3149899" }, { "product_name" : "Red Hat Quay 3.15", "release_date" : "2026-02-04T00:00:00Z", "advisory" : "RHSA-2026:1942", "cpe" : "cpe:/a:redhat:quay:3.15::el8", "package" : "quay/quay-rhel8:sha256:08a827d542790820a10a61bacdc8ab7c05a6fdd476f1224ed76f20d65e93673f" }, { "product_name" : "Red Hat Quay 3.16", "release_date" : "2025-12-17T00:00:00Z", "advisory" : "RHSA-2025:23546", "cpe" : "cpe:/a:redhat:quay:3.16::el9", "package" : "quay/quay-rhel9:sha256:7049867fcd9228a58d92557eb1d69f3f0ca7479003c7773a16153cbbe64c3acb" } ], "package_state" : [ { "product_name" : "Cryostat 4", "fix_state" : "Not affected", "package_name" : "io.cryostat-cryostat", "cpe" : "cpe:/a:redhat:cryostat:4" }, { "product_name" : "Gatekeeper 3", "fix_state" : "Affected", "package_name" : "gatekeeper/gatekeeper-rhel9", "cpe" : "cpe:/a:redhat:gatekeeper:3" }, { "product_name" : "Migration Toolkit for Applications 7", "fix_state" : "Affected", "package_name" : "mta/mta-ui-rhel9", "cpe" : "cpe:/a:redhat:migration_toolkit_applications:7" }, { "product_name" : "Migration Toolkit for Applications 8", "fix_state" : "Affected", "package_name" : "mta/mta-ui-rhel9", "cpe" : "cpe:/a:redhat:migration_toolkit_applications:8" }, { "product_name" : "Migration Toolkit for Applications 8", "fix_state" : "Affected", "package_name" : "mta-static-report-container", "cpe" : "cpe:/a:redhat:migration_toolkit_applications:8" }, { "product_name" : "Migration Toolkit for Containers", "fix_state" : "Affected", "package_name" : "rhmtc/openshift-migration-ui-rhel8", "cpe" : "cpe:/a:redhat:rhmt:1" }, { "product_name" : "Multicluster Engine for Kubernetes", "fix_state" : "Not affected", "package_name" : "multicluster-engine/console-mce-rhel8", "cpe" : "cpe:/a:redhat:multicluster_engine" }, { "product_name" : "Multicluster Engine for Kubernetes", "fix_state" : "Not affected", "package_name" : "multicluster-engine/console-mce-rhel9", "cpe" : "cpe:/a:redhat:multicluster_engine" }, { "product_name" : "Network Observability Operator", "fix_state" : "Affected", "package_name" : "network-observability/network-observability-console-plugin-compat-rhel9", "cpe" : "cpe:/a:redhat:network_observ_optr:1" }, { "product_name" : "Network Observability Operator", "fix_state" : "Affected", "package_name" : "network-observability/network-observability-console-plugin-rhel9", "cpe" : "cpe:/a:redhat:network_observ_optr:1" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Will not fix", "package_name" : "openshift-pipelines/pipelines-hub-api-rhel8", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Affected", "package_name" : "openshift-pipelines/pipelines-hub-api-rhel9", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Affected", "package_name" : "openshift-pipelines/pipelines-hub-db-migration-rhel8", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Affected", "package_name" : "openshift-pipelines/pipelines-hub-db-migration-rhel9", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Will not fix", "package_name" : "openshift-pipelines/pipelines-hub-ui-rhel8", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Affected", "package_name" : "openshift-pipelines/pipelines-hub-ui-rhel9", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Not affected", "package_name" : "openshift-serverless-1/kn-backstage-plugins-eventmesh-rhel8", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "OpenShift Service Mesh 2", "fix_state" : "Affected", "package_name" : "openshift-service-mesh/kiali-ossmc-rhel8", "cpe" : "cpe:/a:redhat:service_mesh:2" }, { "product_name" : "OpenShift Service Mesh 2", "fix_state" : "Affected", "package_name" : "openshift-service-mesh/kiali-rhel8", "cpe" : "cpe:/a:redhat:service_mesh:2" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Affected", "package_name" : "openshift-service-mesh/kiali-operator-bundle", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Affected", "package_name" : "openshift-service-mesh/kiali-rhel9-operator", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2", "fix_state" : "Not affected", "package_name" : "rhacm2/console-rhel9", "cpe" : "cpe:/a:redhat:acm:2" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-central-db-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-rhel8-operator", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-roxctl-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-scanner-v4-db-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Advanced Cluster Security 4", "fix_state" : "Not affected", "package_name" : "advanced-cluster-security/rhacs-scanner-v4-rhel8", "cpe" : "cpe:/a:redhat:advanced_cluster_security:4" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "automation-controller", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "python3x-galaxy-ng", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Not affected", "package_name" : "python-galaxy-ng", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat build of Apache Camel - HawtIO 4", "fix_state" : "Not affected", "package_name" : "io.hawt-project", "cpe" : "cpe:/a:redhat:apache_camel_hawtio:4" }, { "product_name" : "Red Hat build of Apicurio Registry 2", "fix_state" : "Affected", "package_name" : "io.apicurio-apicurio-registry", "cpe" : "cpe:/a:redhat:service_registry:2" }, { "product_name" : "Red Hat Data Grid 8", "fix_state" : "Affected", "package_name" : "org.infinispan-infinispan-console", "cpe" : "cpe:/a:redhat:jboss_data_grid:8" }, { "product_name" : "Red Hat Developer Hub", "fix_state" : "Not affected", "package_name" : "rhdh/rhdh-rhel9-operator", "cpe" : "cpe:/a:redhat:rhdh:1" }, { "product_name" : "Red Hat Discovery 1", "fix_state" : "Affected", "package_name" : "discovery/discovery-ui-rhel9", "cpe" : "cpe:/a:redhat:discovery:1" }, { "product_name" : "Red Hat Discovery 2", "fix_state" : "Affected", "package_name" : "discovery/discovery-ui-rhel9", "cpe" : "cpe:/a:redhat:discovery:2::el9" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "grafana", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "grafana", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Fuse 7", "fix_state" : "Affected", "package_name" : "io.apicurio-apicurito", "cpe" : "cpe:/a:redhat:jboss_fuse:7" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "rhoai/odh-dashboard-rhel8", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "rhoai/odh-kf-notebook-controller-rhel8", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "rhoai/odh-notebook-controller-rhel8", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-console", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Will not fix", "package_name" : "openshift4/ose-console-rhel9", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Affected", "package_name" : "devspaces/code-rhel8", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Affected", "package_name" : "devspaces/code-rhel9", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Affected", "package_name" : "devspaces/configbump-rhel9", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Affected", "package_name" : "devspaces/dashboard-rhel8", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Affected", "package_name" : "devspaces/dashboard-rhel9", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Affected", "package_name" : "devspaces/devspaces-rhel9-operator", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Affected", "package_name" : "devspaces/imagepuller-rhel9", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Affected", "package_name" : "devspaces-tech-preview/idea-rhel9", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Affected", "package_name" : "devspaces-tech-preview/jetbrains-ide-rhel9", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Affected", "package_name" : "devspaces/traefik-rhel9", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Not affected", "package_name" : "openshift-gitops-1/argocd-agent-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Not affected", "package_name" : "openshift-gitops-1/argocd-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Not affected", "package_name" : "openshift-gitops-1/argocd-rhel9", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Not affected", "package_name" : "openshift-gitops-1/argo-rollouts-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Not affected", "package_name" : "openshift-gitops-1/console-plugin-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Not affected", "package_name" : "openshift-gitops-1/dex-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Not affected", "package_name" : "openshift-gitops-1/gitops-operator-bundle", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Not affected", "package_name" : "openshift-gitops-1/gitops-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Not affected", "package_name" : "openshift-gitops-1/gitops-rhel8-operator", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Not affected", "package_name" : "openshift-gitops-1/must-gather-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Affected", "package_name" : "container-native-virtualization/kubevirt-console-plugin", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat OpenShift Virtualization 4", "fix_state" : "Affected", "package_name" : "container-native-virtualization/kubevirt-console-plugin-rhel9", "cpe" : "cpe:/a:redhat:container_native_virtualization:4" }, { "product_name" : "Red Hat Process Automation 7", "fix_state" : "Affected", "package_name" : "org.kie-process-migration-service", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "product_name" : "Red Hat Trusted Artifact Signer", "fix_state" : "Affected", "package_name" : "rhtas/createtree-rhel9", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1" }, { "product_name" : "Red Hat Trusted Artifact Signer", "fix_state" : "Affected", "package_name" : "rhtas/trillian-database-rhel9", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1" }, { "product_name" : "Red Hat Trusted Artifact Signer", "fix_state" : "Affected", "package_name" : "rhtas/trillian-logserver-rhel9", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1" }, { "product_name" : "Red Hat Trusted Artifact Signer", "fix_state" : "Affected", "package_name" : "rhtas/trillian-logsigner-rhel9", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1" }, { "product_name" : "Red Hat Trusted Artifact Signer", "fix_state" : "Affected", "package_name" : "rhtas/trillian-redis-rhel9", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1" }, { "product_name" : "Red Hat Trusted Artifact Signer", "fix_state" : "Affected", "package_name" : "rhtas/updatetree-rhel9", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1" }, { "product_name" : "Red Hat Trusted Profile Analyzer", "fix_state" : "Affected", "package_name" : "rhtpa/rhtpa-trustification-service-rhel9", "cpe" : "cpe:/a:redhat:trusted_profile_analyzer:2" }, { "product_name" : "streams for Apache Kafka 2", "fix_state" : "Affected", "package_name" : "com.github.streamshub-console", "cpe" : "cpe:/a:redhat:amq_streams:2" }, { "product_name" : "streams for Apache Kafka 3", "fix_state" : "Not affected", "package_name" : "com.github.streamshub-console", "cpe" : "cpe:/a:redhat:amq_streams:3" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-58754\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-58754\nhttps://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593\nhttps://github.com/axios/axios/pull/7011\nhttps://github.com/axios/axios/releases/tag/v1.12.0\nhttps://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj" ], "name" : "CVE-2025-58754", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }