{ "threat_severity" : "Important", "public_date" : "2025-08-20T21:59:44Z", "bugzilla" : { "description" : "sha.js: Missing type checks leading to hash rewind and passing on crafted data", "id" : "2389980", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2389980" }, "cvss3" : { "cvss3_base_score" : "7.7", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H", "status" : "verified" }, "cwe" : "CWE-20", "details" : [ "Improper Input Validation vulnerability in sha.js allows Input Data Manipulation.This issue affects sha.js: through 2.4.11.", "A vulnerability was found in sha.js, where the hashing implementation does not perform sufficient input type validation. The .update() function accepts arbitrary objects, including those with crafted length properties, which can alter the internal state machine of the hashing process. This flaw may result in unexpected behavior such as rewinding the hash state, producing inconsistent digest outputs, or entering invalid processing loops. The issue was introduced due to the reliance on JavaScript object coercion rules rather than enforcing strict buffer or string inputs." ], "statement" : "This vulnerability was marked as Important rather then Critical because while the lack of input type checks in sha.js allows for hash state rewinding, crafted collisions, and potential denial of service, the vulnerability requires highly specific crafted input objects that are unlikely to occur in typical real-world usage, especially since most applications pass well-formed strings or buffers to hashing functions. Moreover, the cryptographic breakages described, such as nonce reuse leading to private key extraction, are indirect and depend on downstream libraries misusing sha.js for sensitive operations without additional validation layers. As a result, the flaw significantly undermines correctness and robustness of the hashing API, but its exploitability in common production systems is constrained, which could justify viewing it as an Important vulnerability rather than a Critical one.\nThe flaw requires applications to pass attacker-controlled, non-standard JavaScript objects into hash.update(). Most real-world Node.js applications and libraries already use Buffer, TypedArray, or String inputs, which are unaffected. Furthermore, Node’s built-in crypto module, which is widely adopted, enforces stricter type-checking and is not impacted. As a result, the vulnerability mainly threatens projects that (a) directly depend on sha.js for cryptographically sensitive operations, and (b) hash untrusted input without type validation.", "affected_release" : [ { "product_name" : "multicluster engine for Kubernetes 2.7 for RHEL 8", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18278", "cpe" : "cpe:/a:redhat:multicluster_engine:2.7::el8", "package" : "multicluster-engine-assisted-service-8-container-v2.7.6-2" }, { "product_name" : "multicluster engine for Kubernetes 2.7 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18278", "cpe" : "cpe:/a:redhat:multicluster_engine:2.7::el9", "package" : "multicluster-engine-addon-manager-container-v2.7.6-3" }, { "product_name" : "multicluster engine for Kubernetes 2.7 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18278", "cpe" : "cpe:/a:redhat:multicluster_engine:2.7::el9", "package" : "multicluster-engine-assisted-image-service-container-v2.7.6-3" }, { "product_name" : "multicluster engine for Kubernetes 2.7 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18278", "cpe" : "cpe:/a:redhat:multicluster_engine:2.7::el9", "package" : "multicluster-engine-assisted-installer-agent-container-v2.7.6-3" }, { "product_name" : "multicluster engine for Kubernetes 2.7 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18278", "cpe" : "cpe:/a:redhat:multicluster_engine:2.7::el9", "package" : "multicluster-engine-assisted-installer-container-v2.7.6-3" }, { "product_name" : "multicluster engine for Kubernetes 2.7 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18278", "cpe" : "cpe:/a:redhat:multicluster_engine:2.7::el9", "package" : "multicluster-engine-assisted-installer-controller-container-v2.7.6-3" }, { "product_name" : "multicluster engine for Kubernetes 2.7 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18278", "cpe" : "cpe:/a:redhat:multicluster_engine:2.7::el9", "package" : "multicluster-engine-assisted-service-9-container-v2.7.6-3" }, { "product_name" : "multicluster engine for Kubernetes 2.7 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18278", "cpe" : "cpe:/a:redhat:multicluster_engine:2.7::el9", "package" : "multicluster-engine-cluster-api-provider-agent-container-v2.7.6-3" }, { "product_name" : "multicluster engine for Kubernetes 2.7 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18278", "cpe" : "cpe:/a:redhat:multicluster_engine:2.7::el9", "package" : "multicluster-engine-cluster-api-provider-kubevirt-container-v2.7.6-3" }, { "product_name" : "multicluster engine for Kubernetes 2.7 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18278", "cpe" : "cpe:/a:redhat:multicluster_engine:2.7::el9", "package" : "multicluster-engine/cluster-api-rhel9:v2.7.6-3" }, { "product_name" : "multicluster engine for Kubernetes 2.7 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18278", "cpe" : "cpe:/a:redhat:multicluster_engine:2.7::el9", "package" : "multicluster-engine-clusterclaims-controller-container-v2.7.6-3" }, { "product_name" : "multicluster engine for Kubernetes 2.7 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18278", "cpe" : "cpe:/a:redhat:multicluster_engine:2.7::el9", "package" : "multicluster-engine-cluster-curator-controller-container-v2.7.6-3" }, { "product_name" : "multicluster engine for Kubernetes 2.7 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18278", "cpe" : "cpe:/a:redhat:multicluster_engine:2.7::el9", "package" : "multicluster-engine-cluster-image-set-controller-container-v2.7.6-3" }, { "product_name" : "multicluster engine for Kubernetes 2.7 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18278", "cpe" : "cpe:/a:redhat:multicluster_engine:2.7::el9", "package" : "multicluster-engine-clusterlifecycle-state-metrics-container-v2.7.6-4" }, { "product_name" : "multicluster engine for Kubernetes 2.7 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18278", "cpe" : "cpe:/a:redhat:multicluster_engine:2.7::el9", "package" : "multicluster-engine-cluster-proxy-addon-container-v2.7.6-4" }, { "product_name" : "multicluster engine for Kubernetes 2.7 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18278", "cpe" : "cpe:/a:redhat:multicluster_engine:2.7::el9", "package" : "multicluster-engine-cluster-proxy-container-v2.7.6-4" }, { "product_name" : "multicluster engine for Kubernetes 2.7 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18278", "cpe" : "cpe:/a:redhat:multicluster_engine:2.7::el9", "package" : "multicluster-engine-console-mce-container-v2.7.6-4" }, { "product_name" : "multicluster engine for Kubernetes 2.7 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18278", "cpe" : "cpe:/a:redhat:multicluster_engine:2.7::el9", "package" : "multicluster-engine-discovery-operator-container-v2.7.6-3" }, { "product_name" : "multicluster engine for Kubernetes 2.7 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18278", "cpe" : "cpe:/a:redhat:multicluster_engine:2.7::el9", "package" : "multicluster-engine-hive-container-v2.7.6-4" }, { "product_name" : "multicluster engine for Kubernetes 2.7 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18278", "cpe" : "cpe:/a:redhat:multicluster_engine:2.7::el9", "package" : "multicluster-engine-hypershift-addon-operator-container-v2.7.6-4" }, { "product_name" : "multicluster engine for Kubernetes 2.7 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18278", "cpe" : "cpe:/a:redhat:multicluster_engine:2.7::el9", "package" : "multicluster-engine-hypershift-cli-container-v2.7.6-4" }, { "product_name" : "multicluster engine for Kubernetes 2.7 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18278", "cpe" : "cpe:/a:redhat:multicluster_engine:2.7::el9", "package" : "multicluster-engine-hypershift-operator-container-v2.7.6-3" }, { "product_name" : "multicluster engine for Kubernetes 2.7 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18278", "cpe" : "cpe:/a:redhat:multicluster_engine:2.7::el9", "package" : "multicluster-engine-image-based-install-container-v2.7.6-11" }, { "product_name" : "multicluster engine for Kubernetes 2.7 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18278", "cpe" : "cpe:/a:redhat:multicluster_engine:2.7::el9", "package" : "multicluster-engine-kube-rbac-proxy-mce-container-v2.7.6-3" }, { "product_name" : "multicluster engine for Kubernetes 2.7 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18278", "cpe" : "cpe:/a:redhat:multicluster_engine:2.7::el9", "package" : "multicluster-engine-managedcluster-import-controller-container-v2.7.6-4" }, { "product_name" : "multicluster engine for Kubernetes 2.7 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18278", "cpe" : "cpe:/a:redhat:multicluster_engine:2.7::el9", "package" : "multicluster-engine-managed-serviceaccount-container-v2.7.6-4" }, { "product_name" : "multicluster engine for Kubernetes 2.7 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18278", "cpe" : "cpe:/a:redhat:multicluster_engine:2.7::el9", "package" : "multicluster-engine-multicloud-manager-container-v2.7.6-3" }, { "product_name" : "multicluster engine for Kubernetes 2.7 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18278", "cpe" : "cpe:/a:redhat:multicluster_engine:2.7::el9", "package" : "multicluster-engine-must-gather-container-v2.7.6-3" }, { "product_name" : "multicluster engine for Kubernetes 2.7 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18278", "cpe" : "cpe:/a:redhat:multicluster_engine:2.7::el9", "package" : "multicluster-engine-operator-bundle-container-v2.7.6-9" }, { "product_name" : "multicluster engine for Kubernetes 2.7 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18278", "cpe" : "cpe:/a:redhat:multicluster_engine:2.7::el9", "package" : "multicluster-engine-operator-container-v2.7.6-5" }, { "product_name" : "multicluster engine for Kubernetes 2.7 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18278", "cpe" : "cpe:/a:redhat:multicluster_engine:2.7::el9", "package" : "multicluster-engine-placement-container-v2.7.6-3" }, { "product_name" : "multicluster engine for Kubernetes 2.7 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18278", "cpe" : "cpe:/a:redhat:multicluster_engine:2.7::el9", "package" : "multicluster-engine-provider-credential-controller-container-v2.7.6-4" }, { "product_name" : "multicluster engine for Kubernetes 2.7 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18278", "cpe" : "cpe:/a:redhat:multicluster_engine:2.7::el9", "package" : "multicluster-engine-registration-container-v2.7.6-3" }, { "product_name" : "multicluster engine for Kubernetes 2.7 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18278", "cpe" : "cpe:/a:redhat:multicluster_engine:2.7::el9", "package" : "multicluster-engine-registration-operator-container-v2.7.6-3" }, { "product_name" : "multicluster engine for Kubernetes 2.7 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18278", "cpe" : "cpe:/a:redhat:multicluster_engine:2.7::el9", "package" : "multicluster-engine-work-container-v2.7.6-3" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "acm-cli-container-v2.12.5-4" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "acm-cluster-permission-container-v2.12.5-4" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "acm-governance-policy-addon-controller-container-v2.12.5-3" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "acm-governance-policy-framework-addon-container-v2.12.5-4" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "acm-grafana-container-v2.12.5-3" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "acm-multicluster-observability-addon-container-v2.12.5-4" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "acm-must-gather-container-v2.12.5-3" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "acm-operator-bundle-container-v2.12.5-9" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "acm-prometheus-config-reloader-container-v2.12.5-3" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "acm-prometheus-operator-container-v2.12.5-3" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "acm-search-indexer-container-v2.12.5-3" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "acm-search-v2-api-container-v2.12.5-3" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "acm-search-v2-operator-container-v2.12.5-3" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "acm-siteconfig-container-v2.12.5-3" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "acm-volsync-addon-controller-container-v2.12.5-3" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "cert-policy-controller-container-v2.12.5-4" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "cluster-backup-operator-container-v2.12.5-3" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "config-policy-controller-container-v2.12.5-4" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "console-container-v2.12.5-5" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "endpoint-monitoring-operator-container-v2.12.5-3" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "governance-policy-propagator-container-v2.12.5-3" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "grafana-dashboard-loader-container-v2.12.5-3" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "insights-client-container-v2.12.5-3" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "insights-metrics-container-v2.12.5-4" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "klusterlet-addon-controller-container-v2.12.5-3" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "kube-rbac-proxy-container-v2.12.5-3" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "kube-state-metrics-container-v2.12.5-3" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "memcached-exporter-container-v2.12.5-4" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "metrics-collector-container-v2.12.5-4" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "multicloud-integrations-container-v2.12.5-3" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "multiclusterhub-operator-container-v2.12.5-5" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "multicluster-observability-operator-container-v2.12.5-4" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "multicluster-operators-application-container-v2.12.5-3" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "multicluster-operators-channel-container-v2.12.5-4" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "multicluster-operators-subscription-operator-container-v2.12.5-5" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "node-exporter-container-v2.12.5-3" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "observatorium-container-v2.12.5-3" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "observatorium-operator-container-v2.12.5-3" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "prometheus-alertmanager-container-v2.12.5-3" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "prometheus-container-v2.12.5-4" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "rbac-query-proxy-container-v2.12.5-4" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "rhacm2/memcached-rhel9:v2.12.5-3" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "search-collector-container-v2.12.5-5" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "submariner-addon-container-v2.12.5-4" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "thanos-container-v2.12.5-3" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.12 for RHEL 9", "release_date" : "2025-10-21T00:00:00Z", "advisory" : "RHSA-2025:18744", "cpe" : "cpe:/a:redhat:acm:2.12::el9", "package" : "thanos-receive-controller-container-v2.12.5-3" }, { "product_name" : "multicluster engine for Kubernetes 2.6", "release_date" : "2025-12-17T00:00:00Z", "advisory" : "RHSA-2025:23528", "cpe" : "cpe:/a:redhat:multicluster_engine:2.6::el9", "package" : "multicluster-engine/console-mce-rhel9:sha256:0b6fcf9297999bca37be509e40f14ed5911db4bc325ef04f17bc6d04b84d6a5f" }, { "product_name" : "multicluster engine for Kubernetes 2.8", "release_date" : "2026-01-15T00:00:00Z", "advisory" : "RHSA-2026:0722", "cpe" : "cpe:/a:redhat:multicluster_engine:2.8::el9", "package" : "multicluster-engine/console-mce-rhel9:sha256:9aae58bb0df87f4f82ceff07e8b6d8daed0988b5ab18c4626806ec304672b959" }, { "product_name" : "multicluster engine for Kubernetes 2.9", "release_date" : "2025-10-30T00:00:00Z", "advisory" : "RHSA-2025:19332", "cpe" : "cpe:/a:redhat:multicluster_engine:2.9::el9", "package" : "multicluster-engine/console-mce-rhel9:sha256:04ab6450876affdee62ac29f7d8897391ea649533b2fe4c9a45f51f02a686b00" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.11", "release_date" : "2025-12-17T00:00:00Z", "advisory" : "RHSA-2025:23529", "cpe" : "cpe:/a:redhat:acm:2.11::el9", "package" : "rhacm2/console-rhel9:sha256:7b9cc0685f1fccce3a66328fd5d29ebe1cccfe8e8d11398ca105371f78d6676e" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.13", "release_date" : "2026-01-14T00:00:00Z", "advisory" : "RHSA-2026:0627", "cpe" : "cpe:/a:redhat:acm:2.13::el9", "package" : "rhacm2/console-rhel9:sha256:5b10ad33c3d6df9518e9ef67876b76023f5ff6604275ef9cabc0a323c458b85f" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.13", "release_date" : "2026-01-15T00:00:00Z", "advisory" : "RHSA-2026:0718", "cpe" : "cpe:/a:redhat:acm:2.13::el9", "package" : "rhacm2/console-rhel9:sha256:5b10ad33c3d6df9518e9ef67876b76023f5ff6604275ef9cabc0a323c458b85f" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.14", "release_date" : "2025-10-30T00:00:00Z", "advisory" : "RHSA-2025:19335", "cpe" : "cpe:/a:redhat:acm:2.14::el9", "package" : "rhacm2/acm-grafana-rhel9:sha256:0ee74288b19b217b917a4719d08bd1ddead9fdc90bac9f9868b8d721e12a8576" }, { "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2.14", "release_date" : "2025-10-30T00:00:00Z", "advisory" : "RHSA-2025:19335", "cpe" : "cpe:/a:redhat:acm:2.14::el9", "package" : "rhacm2/console-rhel9:sha256:86c711091d0a954427d4dcd667cee8feda6dbc6fa2616de9f3316750b04c27e7" }, { "product_name" : "Red Hat Developer Hub 1.6", "release_date" : "2025-08-27T00:00:00Z", "advisory" : "RHSA-2025:14767", "cpe" : "cpe:/a:redhat:rhdh:1.6::el9", "package" : "rhdh/rhdh-hub-rhel9:sha256:48b72d96926999336505cbf097f873dd9ccb2dec814a5db7f7ffa630dea29dc5" }, { "product_name" : "Red Hat Developer Hub 1.7", "release_date" : "2025-09-16T00:00:00Z", "advisory" : "RHSA-2025:16020", "cpe" : "cpe:/a:redhat:rhdh:1.7::el9", "package" : "rhdh/rhdh-hub-rhel9:sha256:34534577a381685582d880b753a44b243fdd09697c878d5fbee790f55dba3d7a" }, { "product_name" : "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23", "release_date" : "2025-09-15T00:00:00Z", "advisory" : "RHSA-2025:15847", "cpe" : "cpe:/a:redhat:openshift_devspaces:3.23::el9", "package" : "devspaces/code-rhel9:sha256:2bfe5265856abdd8cb490bde852d4e992f1793684f003d1ef53776fe69d790d7" }, { "product_name" : "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23", "release_date" : "2025-09-15T00:00:00Z", "advisory" : "RHSA-2025:15847", "cpe" : "cpe:/a:redhat:openshift_devspaces:3.23::el9", "package" : "devspaces/dashboard-rhel9:sha256:78dabed4a5fc1eb3246778e6ee6e1a543829cf88d0b03f0ccccf101c41a7bdda" }, { "product_name" : "Red Hat OpenShift Dev Spaces (RHOSDS) 3.23", "release_date" : "2025-09-15T00:00:00Z", "advisory" : "RHSA-2025:15847", "cpe" : "cpe:/a:redhat:openshift_devspaces:3.23::el9", "package" : "devspaces/machineexec-rhel9:sha256:13f0ec3ce663f6701501e82bbb508549e149588eedb0982729a59d98c88d0ba0" }, { "product_name" : "Red Hat OpenShift Pipelines 1.15", "release_date" : "2026-03-04T00:00:00Z", "advisory" : "RHSA-2026:3710", "cpe" : "cpe:/a:redhat:openshift_pipelines:1.15::el8", "package" : "openshift-pipelines/pipelines-hub-api-rhel8:sha256:1066cf4185e3cd917c05e6d6759fb0a69428c4b43398df10dff8abe523761c09" }, { "product_name" : "Red Hat OpenShift Pipelines 1.15", "release_date" : "2026-03-04T00:00:00Z", "advisory" : "RHSA-2026:3710", "cpe" : "cpe:/a:redhat:openshift_pipelines:1.15::el8", "package" : "openshift-pipelines/pipelines-hub-db-migration-rhel8:sha256:0a12cf22aa798dbc3661f7e83aa9c280fe394de5b0ecc6ed7c93be1df539fce9" }, { "product_name" : "Red Hat OpenShift Pipelines 1.15", "release_date" : "2026-03-04T00:00:00Z", "advisory" : "RHSA-2026:3710", "cpe" : "cpe:/a:redhat:openshift_pipelines:1.15::el8", "package" : "openshift-pipelines/pipelines-hub-ui-rhel8:sha256:0dee713a14ab49d93b52b280d4ca3c6fc1c5f604087c81b755a6715330c91ea7" }, { "product_name" : "Red Hat OpenShift Pipelines 1.15", "release_date" : "2026-03-04T00:00:00Z", "advisory" : "RHSA-2026:3712", "cpe" : "cpe:/a:redhat:openshift_pipelines:1.15::el8", "package" : "openshift-pipelines/pipelines-hub-api-rhel8:sha256:1066cf4185e3cd917c05e6d6759fb0a69428c4b43398df10dff8abe523761c09" }, { "product_name" : "Red Hat OpenShift Pipelines 1.15", "release_date" : "2026-03-04T00:00:00Z", "advisory" : "RHSA-2026:3712", "cpe" : "cpe:/a:redhat:openshift_pipelines:1.15::el8", "package" : "openshift-pipelines/pipelines-hub-db-migration-rhel8:sha256:0a12cf22aa798dbc3661f7e83aa9c280fe394de5b0ecc6ed7c93be1df539fce9" }, { "product_name" : "Red Hat OpenShift Pipelines 1.15", "release_date" : "2026-03-04T00:00:00Z", "advisory" : "RHSA-2026:3712", "cpe" : "cpe:/a:redhat:openshift_pipelines:1.15::el8", "package" : "openshift-pipelines/pipelines-hub-ui-rhel8:sha256:0dee713a14ab49d93b52b280d4ca3c6fc1c5f604087c81b755a6715330c91ea7" }, { "product_name" : "Red Hat OpenShift Pipelines 1.19", "release_date" : "2025-12-09T00:00:00Z", "advisory" : "RHSA-2025:22905", "cpe" : "cpe:/a:redhat:openshift_pipelines:1.19::el9", "package" : "openshift-pipelines/pipelines-hub-api-rhel9:sha256:6f879fcc0f49dd55a32a2394fb366a07fc9d53b7bf90638f7427b08e700efa1a" }, { "product_name" : "Red Hat Trusted Artifact Signer 1.2", "release_date" : "2025-08-25T00:00:00Z", "advisory" : "RHSA-2025:14474", "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1.2::el9", "package" : "rhtas/rekor-search-ui-rhel9:sha256:fe31830df2d99359749cb86cd1ac2f32fcc3de07aae427d2f2cd3998d31d2833" } ], "package_state" : [ { "product_name" : "OpenShift Pipelines", "fix_state" : "Not affected", "package_name" : "openshift-pipelines/pipelines-console-plugin-rhel8", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Affected", "package_name" : "openshift-pipelines/pipelines-hub-db-migration-rhel9", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Pipelines", "fix_state" : "Affected", "package_name" : "openshift-pipelines/pipelines-hub-ui-rhel9", "cpe" : "cpe:/a:redhat:openshift_pipelines:1" }, { "product_name" : "OpenShift Serverless", "fix_state" : "Will not fix", "package_name" : "openshift-serverless-1/kn-backstage-plugins-eventmesh-rhel8", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "OpenShift Service Mesh 2", "fix_state" : "Will not fix", "package_name" : "openshift-service-mesh/kiali-ossmc-rhel8", "cpe" : "cpe:/a:redhat:service_mesh:2" }, { "product_name" : "OpenShift Service Mesh 2", "fix_state" : "Will not fix", "package_name" : "openshift-service-mesh/kiali-rhel8", "cpe" : "cpe:/a:redhat:service_mesh:2" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Will not fix", "package_name" : "openshift-service-mesh/kiali-operator-bundle", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Will not fix", "package_name" : "openshift-service-mesh/kiali-ossmc-rhel9", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Will not fix", "package_name" : "openshift-service-mesh/kiali-rhel9", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "OpenShift Service Mesh 3", "fix_state" : "Will not fix", "package_name" : "openshift-service-mesh/kiali-rhel9-operator", "cpe" : "cpe:/a:redhat:service_mesh:3" }, { "product_name" : "Red Hat Developer Hub", "fix_state" : "Not affected", "package_name" : "rhdh/rhdh-rhel9-operator", "cpe" : "cpe:/a:redhat:rhdh:1" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "firefox", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "polkit", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "thunderbird", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "grafana", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "mozjs60", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "pcs", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "polkit", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "gjs", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "pcs", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "polkit", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat Fuse 7", "fix_state" : "Affected", "package_name" : "io.apicurio-apicurito", "cpe" : "cpe:/a:redhat:jboss_fuse:7" }, { "product_name" : "Red Hat Fuse 7", "fix_state" : "Will not fix", "package_name" : "io.syndesis-syndesis-parent", "cpe" : "cpe:/a:redhat:jboss_fuse:7" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "rhoai/odh-data-science-pipelines-argo-argoexec-rhel8", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Not affected", "package_name" : "rhoai/odh-data-science-pipelines-argo-workflowcontroller-rhel8", "cpe" : "cpe:/a:redhat:openshift_ai" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Not affected", "package_name" : "openshift4/ose-console", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Not affected", "package_name" : "devspaces/configbump-rhel9", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Not affected", "package_name" : "devspaces/dashboard-rhel8", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Not affected", "package_name" : "devspaces/devspaces-rhel9-operator", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Not affected", "package_name" : "devspaces/imagepuller-rhel9", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Not affected", "package_name" : "devspaces-tech-preview/idea-rhel9", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Not affected", "package_name" : "devspaces-tech-preview/jetbrains-ide-rhel9", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift Dev Spaces", "fix_state" : "Not affected", "package_name" : "devspaces/traefik-rhel9", "cpe" : "cpe:/a:redhat:openshift_devspaces:3" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Not affected", "package_name" : "openshift-gitops-1/argocd-agent-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Will not fix", "package_name" : "openshift-gitops-1/argocd-extensions-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Not affected", "package_name" : "openshift-gitops-1/argocd-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Not affected", "package_name" : "openshift-gitops-1/argocd-rhel9", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Not affected", "package_name" : "openshift-gitops-1/argo-rollouts-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Not affected", "package_name" : "openshift-gitops-1/console-plugin-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Not affected", "package_name" : "openshift-gitops-1/dex-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Not affected", "package_name" : "openshift-gitops-1/gitops-operator-bundle", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Not affected", "package_name" : "openshift-gitops-1/gitops-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Not affected", "package_name" : "openshift-gitops-1/gitops-rhel8-operator", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat OpenShift GitOps", "fix_state" : "Not affected", "package_name" : "openshift-gitops-1/must-gather-rhel8", "cpe" : "cpe:/a:redhat:openshift_gitops:1" }, { "product_name" : "Red Hat Process Automation 7", "fix_state" : "Not affected", "package_name" : "org.kie-process-migration-service", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "product_name" : "Red Hat Process Automation 7", "fix_state" : "Not affected", "package_name" : "org.kie.workbench-kie-wb-common", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "product_name" : "Red Hat Process Automation 7", "fix_state" : "Not affected", "package_name" : "org.uberfire-uberfire-parent", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "product_name" : "Red Hat Trusted Profile Analyzer", "fix_state" : "Affected", "package_name" : "rhtpa/rhtpa-trustification-service-rhel9", "cpe" : "cpe:/a:redhat:trusted_profile_analyzer:1" }, { "product_name" : "streams for Apache Kafka 2", "fix_state" : "Affected", "package_name" : "com.github.streamshub-console", "cpe" : "cpe:/a:redhat:amq_streams:2" }, { "product_name" : "streams for Apache Kafka 3", "fix_state" : "Affected", "package_name" : "com.github.streamshub-console", "cpe" : "cpe:/a:redhat:amq_streams:3" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-9288\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-9288\nhttps://github.com/browserify/sha.js/pull/78\nhttps://github.com/browserify/sha.js/security/advisories/GHSA-95m3-7q98-8xr5\nhttps://www.cve.org/CVERecord?id=CVE-2025-9287" ], "name" : "CVE-2025-9288", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }